Just a reminder that the nominations for the Forensic 4Cast awards are still open and if you haven’t already, head over here to submit your nominations. If you’d like to nominate this blog it would be very much appreciated 🙂 FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog continues to look at the Bam […]

  I’ve been told I need to promote the Patreon link. It’s here if you’re interested 🙂 FORENSIC ANALYSIS Kasasagi at ‘Apprentice forensic ‘s note’ has identified the ‘bam’ key in the Windows registry that stores the full path of an executable and the last execution time. It is indicated that this is only written […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog utilises Teru Yamazaki’s USN parsing utility to identify deleted files and folders in the journal USN Analytics と Folder Arsenal Consulting has shared a couple of articles (one was from last week and I missed it, sorry!) They have put together an infographic on the Windows […]

FORENSIC ANALYSIS There were a few posts by Cyber Forensicator this week They shared a link to Florian Roth’s APT simulator APT Simulator They shared a thesis by Thomas Schreck titled “IT Security Incident Response: Current State, Emerging Problems, and New Approaches” IT Security Incident Response: Current State, Emerging Problems, and New Approaches They shared […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog shows the affects some file actions have on an NTFS MFT record’s Fixup value and update sequence. Fixup と Update Sequence Number Adam Harrison at 1234n6 walks through the process of rebuilding a hardware RAID in Encase 7/8. As a side note, Adam wrote this post […]