Week 52 – 2017

Last weekly post for the year! It’s both good and bad that the year ends on a Sunday. It does round things off nicely, but it also means that I have a podcast to put together next. Thank you to everyone that reads this every week, and also shares it around with others. I really […]

Week 51 – 2017

Merry Christmas and Happy Holidays! Hope everyone’s enjoying their break…although the last couple weeks have been 120+ links shared a week, and this week is no exception. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog uses eventlogedit to delete an Event Log record. EventLogとEVTX There were a few posts by the guys at Cyber […]

Week 50 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at registry transaction log files and shows how to examine them using Maxim Suhanov’s YARP tool. RegistryとTransaction log files The guys at Cyber Forensicator shared a paper by Xingzi Yuan, Omid Setayeshfar, Hongfei Yan, Pranav Panage, Xuetao Wei, and Kyu Hyung Lee titled “DroidForensics: […]

Week 49 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at deleting values from the Windows Registry. RegistryとFile format(3) Digital Forensics Corp shared an article by Jason Fenech at Altaro showing a few methods for accessing data on a VMDK. How to extract data from Virtual Machines Scar de Courcier at Forensic Focus has posted […]

Week 48 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog continues his examination of the Windows registry file format RegistryとFile format(2) There were a couple of posts by Digital Forensics Corp this week. They provided a brief overview of Volatility Workbench by Passmark software. Volatility Workbench Overview They shared an article on InfoSecAddicts on iOS device […]

Week 47 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog examines the Windows registry file format RegistryとFile format(1) Luis Rocha at ‘Count Upon Security’ looks at a few artefacts that may be useful when investigating an attacker interacting with a Windows machine through the GUI. Digital Forensics – Artifacts of interactive sessions The guys at Cyber […]

Week 46 – 2017

Just to start, I’ve signed up to Amazon’s Affiliate program so if you click on the Amazon links I’ll get a referral bonus. That being said, I’m going to be providing the non-referral link, as well, for anyone that wants to use that. Also; apologies for the formatting and if some posts from the week […]

Week 45 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at the effect on a file/folder’s MFT entry when sdelete is used. Win 10 と sdelete Oleg Skulkin and Igor Mikhaylov at Cyber Forensicator take a look at a few artefacts on OSX that may assist in identifying files copied to a connected volume. They […]

Week 44 – 2017

Just wanted to say thanks first up to the Patreon donors for the latest podcast episode. For those that didn’t see last week’s post, I’ll be donating the proceeds from this month’s show to the Lifehouse cancer research and treatment centre. FORENSIC ANALYSIS Dan Pullega at 4n6k posts how he identified the answer to a […]

Week 43 – 2017

I wanted to start this post slightly differently; last week a colleague lost his fight with cancer – he was one of the founding members of the organisation that I work at, and the lack of his presence will be noticed across the command. Some people have been very kind to donate to my work on […]