Akash PatelDigging into Google Analytics & HubSpot Cookies for Forensics Christopher Eng at Ogmini Random Thoughts – Implications of MSIX App Containerization 010 Editor – RegistryHive Binary Template Registry Hive – Revisiting Documentation Registry Hive – Data Types Registry Hive – Data Types Part 2 Registry Hive – Data Types Part 3 My Methodology for […]

ThinkDFIRCached screenshots on Windows 11 Akash PatelLet’s Talk About HTTP — The Backbone of the Web (And a Goldmine for DFIR Folks) BelkasoftAutomating Digital Forensic Workflows with Belkasoft X Christopher Eng at Ogmini SSD Forensics – Flex Capacity Expectations vs Reality – Digital Forensic Science Master’s Degree Part 8 Windows Notepad – Recent Files (New Option) Windows […]

Akash Patel Where Do We Begin? A Network Forensic Investigator’s Steps The Silent Journey: A Cautionary Tale in Cyber Risk John Hyla at Blue Crew ForensicsiOS Stream Names Christopher Eng at Ogmini Zeltser Challenge – Fifth Month Accomplishments 2025 New York State Cybersecurity Conference RDCMan – Cracking DPAPI w/mimikatz Windows Notepad Parser – Documentation Update […]

Akash PatelMaster Wireshark tool Like a Pro: — The Ultimate Packet Analysis Guide for Real-World Analysts CCL SolutionsInvestigating PolyBuzz on Android Christopher Eng at Ogmini Remote Desktop Manager – Artifacts Part 6 Random Thoughts – System Naming RDCMan – Verifying DPAPI Activity WinFE Training – Completed RDCMan – Importance of DPAPI Activity SANS – Ransomware Summit 2025 […]

Akash PatelForensic Analysis of SQLite Databases Alexis Brignoni at ‘Initialization Vectors’Extraction, Processing, & Querying Apple Unified Logs from an iOS Device Alexander Fehrmann at AmpedProcessing Impression Evidence in Amped FIVE Brian MaloneyOneDrive Evolution and Schema Updates Christopher Eng at Ogmini DPAPI – Audit DPAPI Activity Remote Desktop Manager – Artifacts Remote Desktop Manager – Artifacts […]

Akash Patel Proxies in DFIR– Deep Dive into Squid Log & Cache Forensics with Calamaris and Extraction… BPF Ninja: Making Sense of Tcpdump, Wireshark, and the PCAP World Brian MaloneyOneDriveExplorer now supports Microsoft.FileUsageSync.db Christopher Eng at Ogmini Reading up on Volatility Pearson – Cyberattack Volatility3 – Windows 11 24H2 Memory Dump issues? WinFE Training – […]

Akash Patel Linux File System Analysis and Linux File Recovery: EXT2/3/4 Techniques Using Debugfs, Ext4magic &… Understanding Linux: Kernel Logs, Syslogs, Authentication Logs, and User Management Alexander Fehrmann at AmpedForensic Shoeprint Documentation and Analysis with Amped FIVE Atola TechnologyTips for Finding Evidence on Linux File Systems & Storage Devices Christopher Eng at Ogmini Revisiting ShimCache/AmCache […]

Adam at HexacornMinority (forensic) report aka defending forward w/o hacking back Akash Patel Creating a Timeline for Linux Triage with fls, mactime, and Plaso (Log2Timeline) Understanding Linux Service Management Systems and Persistence Mechanisms in System Compromise Timestomping in Linux: Techniques, Detection, and Forensic Insights BelkasoftSkype Forensics Postmortem: Why DFIR Specialists Should Still Care Christopher Eng […]

Akash Patel Understanding Rootkits: The Ultimate Cybersecurity Nightmare and Direct Kernel Object Manipulation Understanding Userland Hooks and Rootkits in Real-World Investigations Extracting Memory Objects with MemProcFS/Volatility3/Bstrings: A Practical Guide Disk Imaging (Part 1) : Memory Acquisition & Encryption Checking Digital Forensics (Part 2): The Importance of Rapid Triage Collection — Kape vs FTK Imager Amped Forensic Fingerprint Analysis: […]

Akash Patel P13 Analyzing Safari Browser, Apple Mail Data and Recents Database Artifacts on macOS Intrusion Analysis and Incident Response on macOS: File Quarantine, Antivirus Mechanisms, and… P14 Using APOLLO for macOS investigation Christopher Eng at Ogmini Expectations vs Reality – Digital Forensic Science Master’s Degree Part 7 David Cowen Sunday Funday Challenge – Browser […]