Week 16 – 2022

Cado Security: Investigating AWS ECS with Cado Response; Chris Vance at ‘D20 Forensics’: [Air]Tag You’re It!; DFIR Review: Ain’t That a Kik in the Head: Kik Messenger iOS Analysis Case Study: Forensic Analysis of TikTok on iOS; Oleg Afonin at Elcomsoft: Decrypting Password-Protected DOC and XLS Files in Minutes; Forensafe: Investigating Foxit Reader; Erik Schamper at NCC Group: A brief […]

Week 15 – 2022

Joshua James at DFIRScience: Getting started in DFIR: Conferences and Workshops Oculus Quest 2 First Impressions and Research Notes; DiabloHorn: Firewall analysis: A portable graph based approach; Didier Stevens: .ISO Files With Office Maldocs & Protected View in Office 2019 and 2021; Oleg Afonin at Elcomsoft: Unlock WordPerfect and Lotus Documents with Advanced Office Password Recovery; Brian Bahtiarian, […]

Week 14 – 2022

Christopher Romano and Vaishnav Murthy at CrowdStrike: Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365; Krzysztof Gajewski at CyberDefNerd: Why do the battery use and the battery level matter during the investigation?; Oleg Afonin at Elcomsoft: Windows 11 TPM Protection, Passwordless Sign-In and What You Can Do About Them; Forensafe: Investigating […]

Week 13 – 2022

Ahmed Musaad: Analyse Large Log Files Using ELK; Andrew Malec: AnyDesk Remote Access; Benjamin Bruppacher at Compass Security: VPN Appliance Forensics; Dr Brian Carrier at Cyber Triage: Cyber Triage Lite – Analyzing User Activity; Oleg Afonin at Elcomsoft: Simplifying Digital Triage with Bootable Forensic Tools; Forensafe: Investigating Page File URL’s; Forensic-Research: [Paper Review] A Note on the Legality of Remote Search and Seizure of E-mail – Supreme Court decision of 2017.11.29 […]

Week 12 – 2022

Andy Smith: Forensic Analysis of Citymapper for Android; Belkasoft: BelkaCTF “Kidnapper Case” write-up The case of a missing girl and the power of a memory dump; Forensafe: Investigating Logon Banner; Geri at ‘4n6 Ninja’: (Air)Dropping some Knowledge: Using RLEAPP to Identify the Phone Number Used in an AirDrop Transfer; Google Workspace Updates: View more information on email delegate activity […]

Week 11 – 2022

Amber Schroader at Cyber Social Hub: Expectations of Facebook Data; Dr. Brian Carrier at Cyber Triage: Cyber Triage Lite – Network, Disk Image, and Memory Inputs; Krzysztof Gajewski at CyberDefNerd: Battery charge level and its importance in forensics investigations. Quick analysis of the Internet Download Manager history using RegRipper plugins.; Digital Forensics Myanmar: Why Is FTK Imager Shown as the Example?; Forensafe: Investigating Windows […]

Week 10 – 2022

Kevin Ripa at SANS: The Truth About USB Device Serial Numbers – (and the lies your tools tell); Kibaffo33: Decoding Vaulty; Dr. Neal Krawetz at ‘The Hacker Factor Blog’: Information Warfare; Forensafe: Investigating ThumbCache; Forensic-Research: Extracting a Memory Dump from a VirtualBox Virtual Machine; Magnet Forensics: Analysis of Hikvision Date/Time DFIR in Zero-Trust Environments: Utilizing AXIOM Cyber for Remote Collection with Zscaler Data Recovery […]

This Month In 4n6 – February – 2022

A monthly wrap-up of the DFIR news for February 2022. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes will be found here. Special […]

Week 09 – 2022

Kevin Ripa: The Truth About USB Device Serial Numbers – (and the lies your tools tell); Belkasoft: Why RAM dumping is so important and what tool to use?; Cellebrite: Isolating Devices to Preserve Evidence; Cheeky4n6Monkey: Monkey Attempts To Digest Some Google Takeout (DetectedActivitys); Digital Forensics Myanmar: CHFI-V10-Dark Web-Note; Forensafe: Investigating Windows Recycle Bin; Herbie Zimmerman at “Lost in Security”: 2022-02-26 Quick Post […]

Week 08 – 2022

Abdallah Elnoty: 2019 Defcon DFIR CTF Write-up (Memory Forensics); Camille Lore: Parsing Google Voice Search; Cellebrite: Cellebrite Announces Fourth Quarter and Full Year 2021 Results; Dr. Neal Krawetz at ‘The Hacker Factor Blog’: Three Minute Forgeries; Elcomsoft: Dude, Where Are My Messages? GPU Acceleration On The Cheap: Using Affordable Video Cards to Break Passwords Faster; Forensafe: Investigating PowerShell; InfoSec Write-ups […]