Week 03 – 2024

Alexis Brignoni at ‘Initialization Vectors’: SQLite 3.45 introducing binary JSON
Belkasoft: The Investigator’s Guide to Android Acquisition Methods. Part I: Device
Nate Bill at Cado Security: Containerised Clicks: Malicious use of 9hits on vulnerable docker hosts
CCL Solutions: SQLite’s New Binary JSON Format
Foxton Forensics: Investigating Microsoft Teams IndexedDB data
International Journal of Electronic Security and Digital Forensics: Volume 16 Issue […]

Week 02 – 2024

Cyber 5W: Memory Forensics – Practical Example, Detect Classic Remote Process Injection; Malware Analysis – How to Bypass Anti-Debugging Tricks – Part 1
Oleg Afonin at Elcomsoft: When Extraction Meets Analysis: Cellebrite Physical Analyzer
Matt Shannon at F-Response: F-Response and Apple, 2024 Edition
Forensafe: Investigating iOS Calls
Oxygen Forensics: Huawei Forensics: Data Extraction and Encryption
Pending Investigations: Dissect vs SysInternals […]

Week 01 – 2024

Amged Wageh: DriveFS Sleuth — Revealing The Hidden Intelligence
Cado Security: The Importance of Depth: Cloud Forensics Beyond Log Analysis; The Cado Platform can now Capture AWS EC2 Systems into E01 Format
Elcomsoft: A Comprehensive Guide to Essential Tools for Elcomsoft iOS Forensic Toolkit
Forensafe: Investigating iOS Venmo
Gerardo Santos at Security Art Work: Clusterización de Amenazas y Threat Hunting
Taz […]

Week 52+1 – 2023

So I can’t count and started the year on Week 1 instead of Week 0. This is the last summary post of the year, and hopefully I find a bit of time to write a year summary later on.
Ahmed Belhadjadji: PoisonedCredentials Challenge Walkthrough
Oleg Afonin at Elcomsoft: A Comprehensive Instruction Manual on Installing the Extraction Agent […]

Week 52 – 2023

(Turns out the first post of the year should have been week 0 instead of week 1… whoops… week 52 is 1 week early this year)
Amged Wageh: DriveFS Sleuth — Investigating Google Drive File Stream’s Disk Artifacts
David Spreadborough at Amped: Correct the Aspect Ratio of CCTV Footage
Oleg Afonin at Elcomsoft: iOS 17.3 Developer Preview: Stolen Device Protection
Forensafe: Solving Cellebrite’s […]

Week 51 – 2023

Cado Security: Using the Unix-like Artifacts Collector and Cado Community Edition to Investigate a Compromised Linux System
Brian P. Mohr: Demystifying Log Collection in Azure: Navigating Windows and Linux Server Logging for Microsoft Sentinel
Emi Polito at Amped: Measure Speed from Surveillance Video
Felix Guyard at ForensicXlab: 📦 Volatility3 : Import Address Table
Forensafe: Investigating Android Snapchat App
Max Groot […]

Week 50 – 2023

Abrar Hussain: Small Things Matter in DFIR#1: Persistence without Privileges!
Belkasoft: How to Efficiently Triage Digital Evidence with Belkasoft T
CCL Solutions: What makes epoch timestamps tick?
Cellebrite: The Pitfalls of Relying on iTunes Backups for Investigations
Fabio Poloni at Compass Security: Exposing the Scammers: Unmasking the Elaborate Job Offering Scam
Digital Daniela: Investigating Traffic With Splunk!
Emi Polito at Amped: Separate […]

Week 49 – 2023

Emi Polito at Amped: Increase Exposure of Dark Footage
Cyber Triage: EDRs don’t collect all DFIR artifacts, but they can help you do it
Derek Eiri: In Search of Extraction Techniques for Pair-Locked iOS Devices
Oleg Afonin at Elcomsoft: iOS Forensic Toolkit: Exploring the Linux Edition; Forensic Insights into Apple Watch Data Extraction
Forensafe: Investigating Android Viber
Ian Whiffin […]

Week 48 – 2023

Me with contributions from Andrew Skatoff and Zach Stanford and hopefully others: The RULER Project
Adam at Hexacorn: The world of partially downloaded files…
Belkasoft: Forensic Duel: Exploring Deleted WhatsApp Messages—iOS vs Android
Cado Security: Abstracting Cloud Complexity With Cado’s New Import UI
Emi Polito at Amped: Enhance and Optimize Facial Detail
Felix Guyard at ForensicXlab: 📦 Volatility3 : Alternate Data […]

Week 47 – 2023

Emi Polito at Amped: Correct Optical Distortion
Amr Ashraf: Breach Investigation
Atola: How to Choose a Perfect Target Drive
Cado Security: OracleIV – A Dockerised DDoS Botnet
DebugPrivilege: Debug Case Study: Analysis of ProxyShell via IIS Worker Memory Dumps
Forensafe: Investigating Android IMO
Mattia Epifani at Zena Forensics: iOS 15 Image Forensics Analysis and Tools Comparison – Communication and Social Networking Apps […]