Week 47 – 2022

Cado Security Enhancing Cado Community Edition with Velociraptor WatchDog Continues to Target East Asian CSPs The Ultimate Guide to Ransomware Incident Response & Forensics Dr. Ali Hadi Challenge #7 – SysInternals Case Oleg Afonin at Elcomsoft Advanced Logical Extraction with iOS Forensic Toolkit 8: Cheat Sheet Cloud Forensics: Obtaining iCloud Backups, Media Files and Synchronized Data […]

Week 46 – 2022

Blake Regan How to create a forensic image of a physical hard drive using FTK Imager Alan Flora at Cellebrite Using Pathfinder to Avoid Ethical Dilemmas in Digital Forensics CTF导航 inctf Forensic Reproduction | Memlabs (Part 2) inctf Forensic Reproduction | Memlabs (Part 1) Digital Forensics: NTFS Basics Digital Forensics Myanmar Browser Forensics (Firefox, Chrome, Edge, Opera, Brave) Clear Browsing Data Forensics (Firefox, Chrome, Edge, Opera, […]

Week 45 – 2022

Cado Security Analysing Docker Images in the Cado Platform CTF导航 How to build a profile for a "new" kernel version based on volatility2 DFIR Review Wipeout! Detecting Android Factory Resets An Alternate Location for Deleted SMS/iMessage Data in Apple Devices iOS KnowledgeC.db Notifications Digital Forensics Myanmar Disk Scan (OR) Low Level Enumeration (NTFS File System) Zone.Identifier In Master File Table (MFT) Joseph Moronwi at Digital Investigator IP Geolocation: A […]

Week 44 – 2022

CyberJunnkie PrintNightmare : Memory forensics and Network forensics challenge -> Letsdefend Derek Eiri Exploring AI Assisted Picture Categorization with Magnet Forensics AXIOM and X-Ways Forensics with Excire, Re: Weapons Digital Forensics Myanmar Disk Scan (OR) Low Level Enumeration (FAT File System) Erik Hjelmvik at Netresec What is a PCAP file? Forensafe Investigating VirtualBox Haircutfish TryHackMe Volatility — Task 2 Obtaining Memory Samples Secure […]

Week 43 – 2022

Krzysztof Gajewski at CyberDefNerd The $MFT flag that you have never considered before – OneDrive not synchronized files. Mohamed Labib at DetectiveStrings May svchosts guid you Domiziana Foti LetsDefend- SOC 175- PowerShell Found in Requested URL-Microsoft Exchange Server… Forensafe Investigating FileZilla Fox-IT I’m in your hypervisor, collecting your evidence InfoSec Write-ups Pylirt — Python Linux Incident Response Toolkit Md. Abdullah Al Mamun My Recent […]

Week 42 – 2022

John Lukach at 4n6ir Amazon Linux Triage for Anyone and Everyone ArcPoint Getting started with ALEAPP | ArcPoint Forensics Cyrill Brunschwiler at Compass Security Tutorial on how to Approach Typical DFIR Cases with Velociraptor Forensafe Investigating Quick Access Harel Segev at ‘RAT In Mi Kitchen’ The Forensic Value of the (Other) WSH Registry Key Lina Lau at Inversecos How to Investigate […]

Week 41 – 2022

Andre Maccarone and John Ailes at Aon Amazon Web Services: Exploring the Cost of Exfil CERT-SE CTF2022 CERT-SE CTF2022 CyberJunnkie Incident Response LetsDefend : Detecting Web App attack and detecting persistence Forensafe Investigating LogMeIN Investigating ExpressVPN Kathryn Hedley Windows 11 Time Rules Magnet Forensics SRUM: Forensic Analysis of Windows System Resource Utilization Monitor Carl Purser at OpenText Apple property list parsing with […]

Week 40 – 2022

Chris Vance at ‘D20 Forensics’ iOS 16 Breaking Down the Biomes Part 2 – AppInstalls, AppLaunch, & AppIntents iOS 16 – Breaking Down the Biomes (Part 3) – Keeping up with CarPlay iOS 16 – Breaking Down the Biomes (Part 4) – Surfin’ with Safari iOS 16 – Breaking Down the Biomes Part 5 — […]

Week 39 – 2022

Chris Vance at ‘D20 Forensics’ iOS 16 – “Paul unsent a message.” … OR DID HE?! iOS 16 – Now You ‘C’ It, Now You Don’t — Breaking Down The Biomes Part 1 Krzysztof Gajewski at CyberDefNerd C:\ProgramData\Microsoft\Event Viewer\ExternalLogs – artifacts showing what Windows Event Logs were opened on the suspected device. Joseph Moronwi at Digital […]

Week 38 – 2022

Digital Forensics Myanmar Digital Forensics Myths & Reality DFIR Field Mistake How To Use Forensics Reader And Viewer Joseph Moronwi at Digital Investigator File Signature And Hash Analysis Oleg Afonin at Elcomsoft Entering DFU: iPhone 8, 8 Plus, and iPhone X Forensafe Investigating WordPad Recent Files Investigating Windows Startup Programs Forensics [Insider] Basic Concepts in Mobile Device Forensics […]