Week 11 – 2023

Ahmed Belhadjadji: Examine the Cache, Cookies, and History Recorded in Web Browsers; Belkasoft: Walkthrough: Sigma Rules in Belkasoft X; Basic but significant legal issues in the Casey Anthony Case; Doug Metz at Baker Street Forensics: NSRL Query from the Command Line; Eric Capuano: Mounting E01 Forensic Images in Linux; Foxton Forensics: Analysing Safari browser history; InfoSec Write-ups: Windows Forensic 101: How […]

Week 10 – 2023

David Spreadborough at Amped: CCTV – The Beginners Guide; Matt Danner at Cyber Social Hub: 3 Ways Programming Skills Can Help You Succeed In DFIR; Dr. Tristan Jenkinson at ‘The eDiscovery Channel’: The Importance of Data that Doesn’t Exist – Part Three (Missing Metadata – A Case Study); Forensafe: Investigating Windows 1Password; Investigating Windows Unigram; Jerry Chang: Mason TCTF […]

Week 9 – 2023

Rushed last week and didn’t include Lee Whitfield’s post notifying the community that nominations for the 2023 Forensic 4Cast Awards are now open. Emi Polito at Amped: Learn How to Remove Sensitive Audio in Amped Replay: Ready, Steady, Redact!; Amr Ashraf: RansomeWare Investigation; Oleg Afonin at Elcomsoft: Password Recovery and Data Decryption: Getting Around and About Right […]

Week 8 – 2023

David Spreadborough at Amped: Introduction to CCTV Acquisition; Dany at Digitella: Exploitation Kit Network Traffic Investigation; Forensafe: Investigating Windows F-Secure; Investigating Windows OpenVPN; Magnet Forensics: Understanding Messages in Apple’s Cloud & Processing Warrant Returns; Paolo Dal Checco at Studio d’Informatica Forense: Manuale ENFSI per l’analisi dell’autenticità delle registrazioni digitali; John Lukach at 4n6ir: New Amazon Linux Triage Detection; Adam Todd […]

Week 7 – 2023

Aditya Pratap: Acquisition & Analysis for Apple Devices; Amanda Berlin at Blumira: What Are Event Logs and Why Do They Matter; Cado Security and Invictus Incident Response: Case Study Continued: Responding to an Attack in AWS; Digital Forensics Myanmar: eCDFP Module (5) File System Analysis (Part-12) (NTFS File System Analysis); eCDFP Module (5) File System Analysis (Part-13) (NTFS […]

Week 6 – 2023

Adam Cohen Hillel at Cado Security: Cado + GPT-3: Interactive Incident Response; Digital Forensics Myanmar: SQLite Database Forensics (Note); eCDFP Module (5) File System Analysis (Part-11) (NTFS File System Analysis); Doug Metz at Baker Street Forensics: KAPE batch mode, ARM Memory, updates to CSIRT-Collect, and all the things I learned along the way.; Oleg Afonin at Elcomsoft: Forensically […]

Week 5 – 2023

Ali Hadi: Anit-Forensics; Brian Carrier at Cyber Triage: Analyzing KAPE DFIR Artifacts in Cyber Triage; Dany at Digitella: CyberDefenders HoneyBOT Challenge Write-up; Derek Eiri: Retrieving Registry Values to Decrypt Files Protected with DDPE; Dr. Neal Krawetz at ‘The Hacker Factor Blog’: An Itty Midi Mystery; Dr. Tristan Jenkinson at ‘The eDiscovery Channel’: The Importance of Data that Doesn’t Exist – Part […]

Week 4 – 2023

Adam at Hexacorn: Excelling at Excel, Part 3; Emi Polito at Amped: Measuring in a Scene: What Filters to Use in Amped FIVE?; Cado Security: Case Study: Responding to an Attack in AWS; Craig Ball at ‘Ball in your Court’: Not So Fine Principle Nine; Dany at Digitella: CyberDefenders PCAP Or It Didn’t Happen Challenge Write Up; Domiziana Foti: LetsDefend-SOC163 — Suspicious Certutil.exe […]

Week 3 – 2023

AbdulRhman Alfaifi at U0041: Exploring Windows Artifacts : $Security Artifact; Catie Walsh: SysInternals Case Write Up; Dany at Digitella: Using Powershell To Enumerate Information on Windows Defender and Firewalls; Digital Forensics Myanmar: BitLocker Decryption Methods; Dr. Tristan Jenkinson at ‘The eDiscovery Channel’: The Importance of Data that Doesn’t Exist – Part One (Timelines); Oleg Afonin at Elcomsoft: iOS 15.5 Low-Level Keychain […]

Week 2 – 2023

Andrew Rathbun at AboutDFIR: New Windows 11 Pro (22H2) Evidence of Execution Artifact!; DFIR FYI: Security:4624 has been updated in Windows 11 Pro (22H2); Abdul Shareef: DFIR-Resources; Adam at Hexacorn: Excelling at Excel, Part 1; Austin Songer at ‘Songer Tech’: Evidence Gathering Recommendation: Adding TimeStamp To Screenshots; Belkasoft: NIST tested Belkasoft support for SQLite data recovery; James McGee at […]