Shining a light on Spotlight: Leveraging Apple’s desktop search utility to recover deleted file metadata on macOS
Spotlight is a proprietary desktop search technology released by Apple in 2004 for its Macintosh operating system Mac OS X 1…
-
Incident Forensics Lifecycle
Recently I’m becoming more and more interested in cyber threat intelligence. I even …
-
Amcache Forensics: Populated or Not?
New Sunday – new Funday! This week’s Sunday Funday presented the following cha…
-
Shellbags Forensics: Directory Viewing Preferences
Had some free time last week, so decided to participate in David Cowen’s Sunday Fund…
Cyber Forensics Blog
Introduction to KAPE
The new episode of Richard Davis’ “Introduction to Windows Forensics” covers an exciting new tool from Kro…
Damaged Device Forensics
Steve Watson discusses his research at DFRWS US 2018: …
AutoMacTC: Automated Mac Forensic Triage Collector
AutoMacTC is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse th…
Show More News
