Week 35 – 2021

Andrew RathbunDFIRMindMaps Andrew Rathbun and Josh Mitchell at Kroll Diving Deeper into EventTranscript.db Enabling EventTranscript.db: Windows Settings EventTranscript.db and Security Events Diagnostic Data Viewer Overview Navigating EventTranscript.db With Diagnostic Data Viewer Forensic Quick Wins With EventTranscript.DB: Microsoft.Windows.ClipboardHistory.Service Tony Knutson at AboutDFIRSOF-ELK and Integration with KAPE Atomic MatryoshkaPesky Persistence: How “Turning It Off and On Again” […]

Week 34 – 2021

ArcPoint ForensicsBitlocker Detection From The Command Line Arman Gungor at MetaspikeTrusted Timestamping (RFC 3161) in Digital Forensics Amina Zilic at BinalyzeDRONE: Generic Webshell Analyzer Elcomsoft Apple Watch Forensics: The Adapters NAS Forensics: TrueNAS Encryption Overview Forensafe Investigating Adobe Acrobat Reader Solving Lost Flash Drive Challenge with ArtiFast Windows InfoSec Write-upsBasic Splunk 101 Walkthrough Tryhackme Kevin […]

Week 33 – 2021

BelkasoftHow to acquire data from an Android device using APK downgrade method ForensafeInvestigating Signal with ArtiFast Signal Kevin Pagano at Stark 4N6May I Ask Who’s Calling – Google Call Screen Matt Lombana at PraetorianHow to improve your Incident Response (IR) with Live Response Security Onion Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-26 Quick Malware Analysis: […]

Week 32 – 2021

Forensafe Investigating LastVisitedMRU Investigating Google Drive InfoSec Write-upsAutopsy Walkthrough Tryhackme Kevin Pagano at Stark 4N6Google Duo – Android & iOS Forensic Analysis Microsoft 365 SecurityDFIR: Windows and Active Directory Attacks and Persistence Doug Burks at Security Onion Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-03 Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-02 Quick Malware Analysis: malware-traffic-analysis.net […]

This Month In 4n6 – July – 2021

A monthly wrap-up of the DFIR news for July 2021. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes will be found here. Special […]

Week 31 – 2021

Lee has opened up nominations for the 2022 Forensic 4Cast Awards. This means that people can start nominating folks this year!2022 Forensic 4:cast Awards – Nominations are Open! Bob RudisAcoustic: Solving a CyberDefenders PCAP SIP/RTP Challenge with R, Zeek, tshark (& friends) DFIR ReviewMissing SQLite Records Analysis Forensafe Investigating Brave Web Browser Investigating OpenSaveMRU InfoSec […]

Week 30 – 2021

Thanks to everyone that voted for this site for “Resource of the Year”. Congratulations to all of the winners!2021 Forensic 4:cast Awards – Results Alexis Brignoni at ‘Initialization Vectors’vLEAPP – Vehicle Logs Events And Properties Parser Howie Shia at Amnesty InternationalForensic Methodology Report: How to catch NSO Group’s Pegasus Bill Marczak, John Scott-Railton, Siena Anstis, […]

Week 29 – 2021

Last week to get your votes in for the Forensic 4Cast Awards! If you haven’t voted yet, you can votes here: don’t delay! While I would love to win an award again, getting nominated as a top resource for the community is definitely something to be proud of (this will be my fifth year getting […]

Week 28 – 2021

Kroll Forensically Unpacking EventTranscript.db: An Investigative Series EventTranscript.db Research Parsing Diagnostic Data With Powershell and Enhanced Logging Parsing EventTranscript.db With KAPE and SQLECmd Forensic Quick Wins With EventTranscript.DB: Win32kTraceLogging EventTranscript.db vs .rbs Files and Their Relation to DiagTrack Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Some thoughts about Stuxnet B. Krishna Sai […]

Week 27 – 2021

Brendan Bone at AccessDataHow to run FTK Imager from a flash drive (Imager Lite) Dr. Neal Krawetz at ‘The Hacker Factor Blog’Up to your knees in alterations Forensafe Investigating UC Web Browser Investigating Windows OneDrive Kevin Pagano at Stark 4N6Turbo Pt. 3 – Device Health Services Application Usage Maxim SuhanovShadow copies become less visible Not […]