Parsing Carved EVTX Records Using EvtxECmd
Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space, Volume Shadow Copies, carve them…
-
Using MITRE ATT&CK for Forensics: BITS Jobs (T1197)
If you are doing incident response, you must know what MITRE ATT&CK is. As it’s …
-
Deleting Any Message from Both Ends in Telegram: How Will It Impact Mobile Forensics?
On Marth 24th Telegram released a new version of their messenger, and introduced a new fea…
-
Incident Forensics Lifecycle
Recently I’m becoming more and more interested in cyber threat intelligence. I even …
Cyber Forensics Blog
PowerShell and Python Together: Targeting Digital Investigations
A new book by Chet Hosmer has been released. The book will teach you how to use PowerShell and Python for conducting digital…
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch files to uncover malware persistence…
Autopsy 4.11.0 Released
The new version of Autopsy has been released. New Features: Adding Data: Hashes can optionally be entered when adding a disk…
Show More News
