Black Bag Training Team continues its Windows Forensic Essentials blog series with a post about forensic examination of Windows Event Logs. They explain what event logs are, how to parse them with their tool, BlackLight®, and discuss logon events and changes to the system date and time.
Recover Deleted Records in Windows.edb with WinSearchDBAnalyzer
WinSearchDBAnalyzer by Jeonghyeon Kim can parse normal records and recover deleted records…
Visual Analysis with ProcDOT
In the new episode of the “Introduction to Malware Analysis” series Richard Davis …
Amcache Forensics: Populated or Not?
New Sunday – new Funday! This week’s Sunday Funday presented the following cha…
Digging Up the Past: Windows Registry Forensics Revisited
David Via from FireEye has written a very good article focused on the following known sour…
Extracting Activity History from PowerShell Process Dumps
Lee Holmes has posted about how to extract activity history from PowerShell process dumps.…
An introduction to file-system post-mortem forensic analysis
Computer Incident Response Center of Luxembourg has published materials used during their …