Week 2 – 2023

Andrew Rathbun at AboutDFIR New Windows 11 Pro (22H2) Evidence of Execution Artifact! DFIR FYI: Security:4624 has been updated in Windows 11 Pro (22H2) Abdul Shareef DFIR-Resources Adam at Hexacorn Excelling at Excel, Part 1 Austin Songer at ‘Songer Tech’ Evidence Gathering Recommendation: Adding TimeStamp To Screenshots Belkasoft NIST tested Belkasoft support for SQLite data recovery James McGee at […]

Week 1 – 2023

Welcome to 2023! I wrote a 2022 Wrap Up! Oleg Afonin at Elcomsoft checkm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 18 – Decryption 2022 APFS Advent Challenge Day 20 – Snapshot Metadata 2022 APFS Advent Challenge Day 21 – Fusion Containers 2022 APFS Advent Challenge […]

2022 Wrap Up

And that’s a wrap for 2022! Things returned a lot more to normal down in Sydney, with pretty much all restrictions being lifted. We have seen a bit of an increase in COVID cases recently, and it seems almost everyone is getting it now (or again) – thankfully almost all the cases seem to be […]

Week 52 – 2022

CTF导航 Cyberdefenders Blue Team - Malware Traffic Analysis 3 Dr. Neal Krawetz at ‘The Hacker Factor Blog’ Weird Science Forensafe Investigating Window Kaspersky Antivirus Howard Oakley at ‘The Eclectic Light Company’ Rolling logs and anti-malware scans Jason Wilkins at ‘Noob to Pro Forensics’ Drive Geometry, File Systems, and How Criminals Hide Data Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 13 – Data Streams 2022 APFS […]

Week 51 – 2022

Active Countermeasures Hunting Windows Event Logs Oleg Afonin at Elcomsoft Windows Account Passwords: Why and How to Break NTLM Credentials Forensafe Investigating Window Google Drive Karthikeyan Nagaraj at InfoSec Write-ups Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write… […]

Week 50 – 2022

CyberJunnkie Phishing Email Challenge by LetsDefend Joseph Moronwi at Digital Investigator Malware Threat Hunting With Volatility Forensafe Investigating Android Sygic Fallen sky at InfoSec Write-ups Email analysis : avoid phishing attacks Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 3 – Containers 2022 APFS Advent Challenge Day 4 – NX Superblock Objects 2022 APFS Advent Challenge Day 5 – […]

Week 49 – 2022

Andrew Rathbun and Eric Zimmerman EZ Tools Manuals Digital Forensics Discord Server The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts – v1.2 Bill Thompson at OpenText Getting to know your tools Liu Zhixiang checkm8 Extraction Cheat Sheet: iPhone, iPad Derek Eiri Practical Linux Forensics & a Mini Linux Forensics CTF David Stenhouse at DS Forensics My Time With The Judge Forensafe Investigating Windows Defender James […]

Week 48 – 2022

Ali Alwashali at ‘HackDefend Labs’ Sysinternals case writeup Paul Lorentz at Cellebrite Smart Flow – A super-charged single step for extractions in UFED 7.60 Domiziana Foti LetsDefend- SOC112 — Traffic to Blacklisted IP Doug Metz at Baker Street Forensics Group collections from O365 with PowerShell Forensafe Investigating iOS FACEBOOK Messenger Haircutfish TryHackMe MITRE Room-Task 3 ATT&CK® Framework TryHackMe MITRE Room- Task 1 […]

Week 47 – 2022

Cado Security Enhancing Cado Community Edition with Velociraptor WatchDog Continues to Target East Asian CSPs The Ultimate Guide to Ransomware Incident Response & Forensics Dr. Ali Hadi Challenge #7 – SysInternals Case Oleg Afonin at Elcomsoft Advanced Logical Extraction with iOS Forensic Toolkit 8: Cheat Sheet Cloud Forensics: Obtaining iCloud Backups, Media Files and Synchronized Data […]

Week 46 – 2022

Blake Regan How to create a forensic image of a physical hard drive using FTK Imager Alan Flora at Cellebrite Using Pathfinder to Avoid Ethical Dilemmas in Digital Forensics CTF导航 inctf Forensic Reproduction | Memlabs (Part 2) inctf Forensic Reproduction | Memlabs (Part 1) Digital Forensics: NTFS Basics Digital Forensics Myanmar Browser Forensics (Firefox, Chrome, Edge, Opera, Brave) Clear Browsing Data Forensics (Firefox, Chrome, Edge, Opera, […]