Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy files out of Volume Shadow Copies (VSCs) from live systems remotely.
-
Epochalypse: Utility to Convert Epoch Timestamps
Epochalypse utility by Pasquale Stirparo has been updated. Now it supports APFS timestamps… -
Forensic Analytics for Acquiring and Preserving Reliable Data from Cloud Hypervisors
Cloud computing is this decade’s major computing advancement. Many business enterpri… -
Using the Office 365 Activities API to Investigate Business Email Compromises
Business email compromises (BECs) are a big problem across a multitude of industries. Just…
Load More Related Articles
-
Detecting script-based attacks on Linux
In this post John Booth describes how to detect encoded or obfuscated command-lines used b… -
-
XFS (Part 1) – The Superblock
Hal Pomeranz has started a series of blog posts about forensic analysis of XFS file system…
Load More In Tips & Tricks
