This paper documents anti-forensics techniques of a secure messaging application named “Wickr” on the Android platforms. Advertised as an application that focuses on security, Wickr provides many anti-forensics features, such as ephemeral messaging and end-to-end encryption. This paper analyses Wickr in detail using experimental research methods. The results revealed how Wickr’s file deletion consisted of distinct stages beginning with a …

In this article the authors give an overview of the current status of the forensic analysis techniques and processes of cloud incidents.

In this article forensic artefacts of Windows 10 Facebook App are extracted from SQLite databases and their forensic importance is discussed.

Here is Andrew Case’ presentation on memory forensics of Linux and Mac systems from Enfuse 2016.

Here is Patrick Wardle’s presentation from RSA Conference USA 2016 on practical OS X malware detection and analysis.

We suggest starting 2017 from improving your organisation’s digital forensics and incident response (DFIR) capabilities with Matt Swann‘s Incident Response Hierarchy of Needs. Reading this article by Russ McRee you will learn about all phases of the hierarchy: inventory, telemetry, detection, triage, threats, behaviors, hunt, track, act.

Joshua Trombley has published a useful tutorial in his OpenSec Labs blog on how to install Volatility on Ubuntu on Windows 10.

Matt Bromiley has published a very useful post on forensic analysis of Volume Shadow Copies.

Impfuzzy for Volatility is a tool created by JPCERT/CC, which can be used for extracting known malware from memory images.

If you are interested in memory forensics, and especially in identifying malware in memory dumps, this post by Adam Bridge may be very interesting for you.