Magnet Forensics wrote a blog post reminding you to go and vote in the Forensic 4Cast Awards. Only a couple more weeks till voting closes! 3 Reasons to Vote Magnet Forensics for Forensic 4:cast Digital Forensic Organization of the Year Brett Shavers at DFIR.Training shared some stats for the site, as well as asked […]

FORENSIC ANALYSIS Matt at ‘Bit of Hex’ takes a look at the memory artefacts left behind by “a user running Tor Browser Bundle (TBB) on an external USB drive to access webmail, and a Tor hidden service.” Memory Forensics &Tor Igor and Oleg at Cyber Forensicator examine the artefacts created by the “pCloud desktop application […]

There were a few more requests for votes for Forensic 4Cast Awards. Belkasoft – Phone Forensic Software, and Computer Forensic Software of the Year AboutDFIR – Digital Forensic Investigator, and Digital Forensic Resource of the Year Magnet Forensics – Digital Forensic Organization, Phone Forensic Software, and Computer Forensic Software of the Year FORENSIC ANALYSIS Hideaki […]

Campaigning for the 4Cast Awards is in full swing; I think I got three emails about it last week! The link to vote is here. FORENSIC ANALYSIS Oleg Skulkin and Igor Mikhaylov at Cyber Forensicator take a look at the artefacts created by a couple of desktop apps for cloud storage providers. Cloud Forensics: Analyzing […]

Lee Whitfield at Forensic 4Cast has opened up voting for the 2018 Forensic 4Cast awards, held at the SANS DFIR Summit in Austin, Texas. Thanks to everyone that nominated ‘This Week in 4n6’ for blog of the year. Voting ends May 25th, so I’ll post this up a couple times before then to remind people […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog posted a couple of times this week First, he takes a look at the Property store data block of a LNK file. Hideaki indicates that this data is not parsed in Plaso. LNK と Property Store Next, he looks at some of the timestamps stored in […]

Last chance to nominate this site for the 2018 Forensic 4Cast Awards. If you have already, it’s very much appreciated. FORENSIC ANALYSIS Oleg Skulkin and Igor Mikhaylov at Cyber Forensicator tested how various actions affect the 8 timestamps on an NTFS volume on a Win10 host. This test shows that there are minor differences compared to […]

If you like my work and would like to nominate me for a 4Cast Award for Blog of the year that would be greatly appreciated. Nominations close at the end of this month. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at the “the Shell item structure of the LNK file.” […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at the ‘Access Bits’ in a Windows 10 registry hive. RegistryとAccess bits Sebastian Neef at 0day Work shares his findings from pulling apart the .DS_Store file format. Parsing the .DS_Store file format Marco Fontani at Amped Software shows “what Griffeye Analyze DI Pro […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog shows how to repair a dirty registry hive manually so that it can be examined by Log2timeline. Registry Transaction LogとPlaso Scar at Forensic Focus has posted an article on using Oxygen to examine drone onboard/SD card and Cloud data. Oxygen Drone Forensics Alexis Brignoni at ‘Initialization […]