Here is an article by William Tan describing the usage of OS X FSEvents to discover deleted malicious artifacts. Reading this text you will learn about the File System Events (FSEvents), parsing them with David Cowen’s script FSEventsParser and using the results to detect OS X Malware.
-
Digital Forensics and Incident Response (DFIR) for ICS Embedded Devices
Chris Sistrunk of Mandiant shows tools and tips on the very new field of DFIR for PLC̵… -
Finding and Decoding Malicious PowerShell Scripts
Mari DeGrazia has published a very useful post, which will help you to learn how to find a… -
Autopsy 4.5.0 and the Sleuth Kit 4.5.0 have been released
The new versions of your favourite open source digital forensics tools – the Sleuth …
Load More Related Articles
-
Memory Forensics in Clouds and Containers
Alex Maestretti has published an interesting post about userland memory acquisition and ta… -
Automating Large-Scale Memory Forensics
Henrik Johansen has published a post about how to automate memory forensics process as muc… -
APFS Timestamps
Yogesh Khatri has started his journey in Apple File System reverse engineering. He has che…
Load More In Tips & Tricks
