Week 26 – 2021

Alex Caithness at CCLChromium Session Storage and Local Storage BelkasoftBelkasoft CTF June 2021: Write-up CrowdStrikeResponse When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators DFIR ReviewUpgrade From NULL—Detecting iOS Wipe Artifacts Forensafe Investigating User Accounts Investigating Zoom Joshua Hickman at ‘The Binary Hick’Apple’s Find My & iCloud’s Throne of Lies Kevin Pagano at Stark […]

Week 25 – 2021

Amber Schroader at Paraben CorporationTikTok Smartphone Evidence Marco Fontani at AmpedHow Can I View and Show the Date and Time of a CCTV Video File? AmrChapter 7 – Registry Analysis Chris Vance at ‘D20 Forensics’ iOS – Tracking Device Migration Android – Tracking Device Migration Oleg Afonin at Elcomsoft Analyzing Microsoft Timeline, OneDrive and Personal […]

Week 24 – 2021

Paul Masek at 4sysopsUsing the Convert-EventLogRecord function alongside the Get-WinEvent PowerShell cmdlet to search Windows event logs AcelabThe PC-3000 Mobile: the Support of Per-File Encryption for the F2FS File System Korstiaan Stam at Cloud ResponseCyberDefenders – Series (Malware Traffic Analysis 3 – Packet Analysis) Patrick Bennett at CrowdStrikeUAL Thank Us Later: Leveraging User Access Logging […]

Week 23 – 2021

Marco Fontani at AmpedHow Can I Find Which Are CCTV Video Files on a USB Drive? Andrea Fortuna at ‘So Long, and Thanks for All the Fish’dfir_ntfs: a forensic parser for NTFS filesystems DS4N6[NEWS]  DAISY documentation updated, including Demo version precooked content and RAM configurations Elcomsoft Password Crackers’ Gold Mine: Browser Passwords Breaking VeraCrypt: Obtaining […]

This Month In 4n6 – May – 2021

A monthly wrap-up of the DFIR news for May 2021. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes will be found here. Special […]

Week 22 – 2021

Voting for the annual Forensic 4cast Awards has opened! Thank you Lee for your tireless efforts yet again. Congratulations to everyone that was nominated for an award, and thank you everyone for nominating this website as one of the “Resource of the Year” finalists, against very worthy competition. Of course, I’d be happy to take […]

Week 21 – 2021

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’iLEAPP: an iOS logs, events, and plists parser Angry-Bender’s blog houseNegative Decimal DWORD to Human Format BelkasoftBelkasoft CTF May 2021: Write-up Elcomsoft A Tale of One iPhone Backup Password The File System Dirty Bit Guide: Forensically Sound Extraction of iPhone 5s, 6, 6s and SE […]

Week 20 – 2021

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’iOS Forensics: how to perform a logical acquisition with libimobiledevice Ashley PearsonVolatility 3 Cheatsheet Doug Metz at Baker Street ForensicsCollecting from Microsoft Teams using PowerShell Jess Garcia at DS4N6[BLOG]  DS4N6 – The Road So Far – Part II, by  Jess Garcia Forensafe Windows Wireless Networks […]

Week 19 – 2021

Angry-Bender’s blog houseDFIR Playbook – Windows Forensics(WIP APR21) John Walther at Carpe IndiciumCleaner Office365 logs with Excel and Magnet Custom Artifact Generator Heather Mahalik at CellebriteUFED Fundamentals Matter – You Asked, We Answered Dexter Morgan at Data ForensicsHow to Find Who Deleted Records in SQL Server? Perfect Workarounds Dr. Neal Krawetz at ‘The Hacker Factor […]

This Month In 4n6 – April – 2021

A monthly wrap-up of the DFIR news for April 2021. Special thanks to guest host Chapin Bryce, who offered to share his thoughts this month since I wasn’t able to put the podcast together. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that […]