Here is an article by William Tan describing the usage of OS X FSEvents to discover deleted malicious artifacts. Reading this text you will learn about the File System Events (FSEvents), parsing them with David Cowen’s script FSEventsParser and using the results to detect OS X Malware.
-
Native File Format for Preservation of Cloud Emails
In this blog post Arman Gungor discusses the problem of cloud emails native file format. H… -
Digital Forensic Diaries
Digital Forensic Diaries series by Mike Sheward is available for free this week. You can g… -
Detecting Lateral Movement through Tracking Event Logs
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-pag…
Load More Related Articles
-
Native File Format for Preservation of Cloud Emails
In this blog post Arman Gungor discusses the problem of cloud emails native file format. H… -
JTAG Acquisition in Mobile Forensics: The Forensics Analyst’s Guide
Ahmed Hashad from 701 Labs has published a brief guide on using JTAG acquisition in mobile… -
Chainsaw of Custody: Manipulating forensic evidence the easy way
Wolfgang Ettlinger from SEC Consult Vulnerability Lab has published an interesting researc…
Load More In Tips & Tricks
