Chris Vance at ‘D20 Forensics’ iOS 16 – “Paul unsent a message.” … OR DID HE?! iOS 16 – Now You ‘C’ It, Now You Don’t — Breaking Down The Biomes Part 1 Krzysztof Gajewski at CyberDefNerdC:\ProgramData\Microsoft\Event Viewer\ExternalLogs – artifacts showing what Windows Event Logs were opened on the suspected device. Joseph Moronwi at Digital […]

Digital Forensics Myanmar Digital Forensics Myths & Reality DFIR Field Mistake How To Use Forensics Reader And Viewer Joseph Moronwi at Digital InvestigatorFile Signature And Hash Analysis Oleg Afonin at ElcomsoftEntering DFU: iPhone 8, 8 Plus, and iPhone X Forensafe Investigating WordPad Recent Files Investigating Windows Startup Programs Forensics [Insider]Basic Concepts in Mobile Device Forensics […]

Jessica Hyde at HexordiaPeer Review for Mobile Forensics Joseph Moronwi at Digital InvestigatorFile Carving In Windows Forensafe Investigating Microsoft Management Console (MMC) MRU Investigating WordPad Recent Files Lina Lau at InversecosForensic Detection of Files Deleted via SDelete Magnet ForensicsWhat is MRU (Most Recently Used)? Mattia Epifani at Zena ForensicsAndroid Forensics References: a curated list Muhammed […]

Alican KirazThreat Hunting for Windows Registry Blake ReganPicking the right gear for your DFIR write-blocker kit Derek EiriAssembling a Go-Bag, Re: Write Block Options? Joseph Moronwi at Digital InvestigatorUsing The Wayback Machine For OSINT Forensafe Investigating WinZip Investigating Swap File URL’s ForensiumFirmware extraction from BT headset 2 InfoSec Write-upsS3 Bucket: Cloud Trail Log Analysis Kevin […]

Cado SecurityAWS EC2 Incident Response CovertshellDFIR triage and Timeline Analysis Danus MinimusThe guide for a freeloader Threat Intelligence Analyst and Malware Researcher Digital Forensic ForestBlue Team Cheat Sheets Digital Forensics Myanmar NTFS Index Attributes B-Trees (NTFS) IOS Crash & Sysdiagnose Log – PDF Oleg Afonin at ElcomsoftLow-Level Extraction of iOS 15.2-15.3.1 Forensafe ArtiFast ShimCache Parser […]

BelkasoftSQLite Forensics with Belkasoft X Cyber TriageWhat is a Windows Recents Folder Artifact? Joshua I. James at DFIRScienceiLEAPP and RLEAPP updates and dev thoughts Elcomsoft Probing Linux Disk Encryption: LUKS2, Argon 2 and GPU Acceleration Breaking Windows Passwords: LM, NTLM, DCC and Windows Hello PIN Compared Erik Hjelmvik at NetresecWhat is PCAP over IP? ForensafeLast […]

Jessica Hyde at HexordiaCreating Synthetic Test Data Asger SGeolocating IP addresses in Velociraptor Gary Warner at CyberCrime & Doing TimeThree UK-based Nigerian BEC Scammers Used Construction Intelligence Service to Target Victims Joshua I. James at DFIRScienceModular artifact scripts coming to iLEAPP Muhammed AygünBAM/DAM Analizi N00b_H@ck3rLetsDefend: Memory Dumper Oxygen ForensicsExtract Data from OnlyFans App with Oxygen […]

AxelaratorCloud Recon BelkasoftBelkasoft CTF July 2022: Write-up Carlos at Carlos Cajigas at ‘Mash That Key’Velociraptor Playground 2022-08-02 CloudbrothersUpdate to the Hitchhiker’s Guide to Microsoft Defender for Endpoint exclusions Cyber TriageWhat is a Windows OpenSave MRU Artifact? Yogesh Khatri at DFRWSDFRWS APAC 2022 Call for participation Elcomsoft Windows Hello: No TPM No Security New in Elcomsoft […]

Andrew RathbunWindows 10 vs. Windows 11, What Has Changed? Cyber TriageWhat is a Microsoft Office Most Recently Used Artifact “MRU” Joseph Moronwi at Digital InvestigatorWindows Memory Dump Analysis With Volatility Doug Metz at Baker Street ForensicsMagnet 2022 CTF – iOS15 Vladimir Katalov at Elcomsoftcheckm8 Extraction: iPhone 7 Elizabeth McPherson at HexordiaJailbreaking iPhone XR with unc0ver […]

Andrew MalecSecurity Patch/KB Install Date Arsenal ReconCheck out Arsenal Recon’s post Krzysztof Gajewski at CyberDefNerdEasy way to prove that a file was downloaded by a web browser, having only $UsnJrnl logs. Digital Forensics Myanmar Unkown USB Stick  Analysis Smart Watch Forensics Joseph Moronwi at Digital InvestigatorImage OSINT Investigations Dr. Neal Krawetz at ‘The Hacker Factor […]