Week 13 – 2023

Ahmed BelhadjadjiWindows Forensics Challenge Walkthrough (LETSDEFEND) Emma Sousa at Forgotten Nook CyberDefenders – Insider CyberDefenders – L’espion Eric Capuano Find Threats in Event Logs with Hayabusa A “Thank You” to Paid Subscribers So you want to be a SOC Analyst? Part 4 Forensafe Investigating Windows BitTorrent Investigating Windows Avira Antivirus Khris Tolbert at MaverisLabsHTB: CA2023 — Forensics […]

Week 12 – 2023

BelkasoftLagging for the Win: Querying for Negative Evidence in the sms.db David Spreadborough at AmpedCCTV Acquisition – Search and Trawl eForensics The Lockbit 3 Black Forensics Analysis: Memory Forensics Modern Approach (Part III) How to Better Prepare for a Memory Forensics Investigation Rooting Androids for Forensics iPhone Forensics Analyzing Malware Mobile Apps with VirusTotal Enterprise […]

Week 11 – 2023

Ahmed BelhadjadjiExamine the Cache, Cookies, and History Recorded in Web Browsers Belkasoft Walkthrough: Sigma Rules in Belkasoft X Basic but significant legal issues in the Casey Anthony Case Doug Metz at Baker Street ForensicsNSRL Query from the Command Line Eric CapuanoMounting E01 Forensic Images in Linux Foxton ForensicsAnalysing Safari browser history InfoSec Write-upsWindows Forensic 101: How […]

Week 10 – 2023

David Spreadborough at AmpedCCTV – The Beginners Guide Matt Danner at Cyber Social Hub3 Ways Programming Skills Can Help You Succeed In DFIR Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part Three (Missing Metadata – A Case Study) Forensafe Investigating Windows 1Password Investigating Windows Unigram Jerry ChangMason TCTF […]

Week 9 – 2023

Rushed last week and didn’t include Lee Whitfield’s post notifying the community that nominations for the 2023 Forensic 4Cast Awards is now open. Emi Polito at AmpedLearn How to Remove Sensitive Audio in Amped Replay: Ready, Steady, Redact! Amr AshrafRansomeWare Investigation Oleg Afonin at Elcomsoft Password Recovery and Data Decryption: Getting Around and About Right […]

Week 8 – 2023

David Spreadborough at AmpedIntroduction to CCTV Acquisition Dany at DigitellaExploitation Kit Network Traffic Investigation Forensafe Investigating Windows F-Secure Investigating Windows OpenVPN Magnet ForensicsUnderstanding Messages in Apple’s Cloud & Processing Warrant Returns Paolo Dal Checco at Studio d’Informatica ForenseManuale ENFSI per l’analisi dell’autenticità delle registrazioni digitali John Lukach at 4n6irNew Amazon Linux Triage Detection Adam Todd […]

Week 7 – 2023

Aditya PratapAcquisition & Analysis for Apple Devices Amanda Berlin at BlumiraWhat Are Event Logs and Why Do They Matter Cado Security and Invictus Incident ResponseCase Study Continued: Responding to an Attack in AWS Digital Forensics Myanmar eCDFP Module (5) File System Analysis (Part-12)  (NTFS File System Analysis) eCDFP Module (5) File System Analysis (Part-13)  (NTFS […]

Week 6 – 2023

Adam Cohen Hillel at Cado SecurityCado + GPT-3: Interactive Incident Response Digital Forensics Myanmar SQLite Database  Forensics (Note) eCDFP Module (5) File System Analysis (Part-11)  (NTFS File System Analysis) Doug Metz at Baker Street ForensicsKAPE batch mode, ARM Memory, updates to CSIRT-Collect, and all the things I learned along the way. Oleg Afonin at ElcomsoftForensically […]

Week 5 – 2023

Ali HadiAnit-Forensics Brian Carrier at Cyber TriageAnalyzing KAPE DFIR Artifacts in Cyber Triage Dany at DigitellaCyberDefenders HoneyBOT Challenge Write-up Derek EiriRetrieving Registry Values to Decrypt Files Protected with DDPE Dr. Neal Krawetz at ‘The Hacker Factor Blog’An Itty Midi Mystery Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part […]

Week 4 – 2023

Adam at HexacornExcelling at Excel, Part 3 Emi Polito at AmpedMeasuring in a Scene: What Filters to Use in Amped FIVE? Cado SecurityCase Study: Responding to an Attack in AWS Craig Ball at ‘Ball in your Court’Not So Fine Principle Nine Dany at DigitellaCyberDefenders PCAP Or It Didn’t Happen Challenge Write Up Domiziana FotiLetsDefend-SOC163 — Suspicious Certutil.exe […]