Forensic Review with Notepad++
In this post Hoyt Harness writes about how to add Plugin Manager to Notepad++ and make it very extensible and useful for digital forensics.
In this post Christopher Vance is writing about using advanced MTP to extract data from a Samsung mobile device. This method will allow you to create a quick image of the /media/ directory located in the /data/ or /userdata/ partition on a device for Samsung devices that have not received either the SMR-OCT-2017 or SMR-NOV-2017 security update (the exact update in …
In the post the authors describe a VMware incident response process based on the following steps: 1. Contact with the consultee; 2. Acquisition of evidence; 3. Disk forensics; 4. Memory forensics; 5. Reverse engineering of collected evidence; 6. Timelining; 7. Recommendations.
Jonathon Poling has published a very useful post about forensicating RDP-related event logs. You will learn a lot about the following event IDs: 1149, 4624, 4625, 21, 22, 24, 25, 39, 40, 4778, 4779, 23, 4634, 4647 and 9009. You can find the post here.
Tom Sela has posted an updated version of his paper originally published in the March 2017 edition of eForensics Magazine. This article discusses two artifacts identified by the author as being significantly helpful when solving incidents: command prompt history and console output.
Sarah Edwards has published the second part of her “iOS Imaging on the Cheap” series. This time the post includes the jailbreaks for iOS 10.3.3 using Meridian and iOS 11 using LiberiOS. You can read the tutorial here.
Here is another post by Another Forensics Blog (Mari Degrazia) about mounting the Apple File System (APFS). This time you will learn how to mount an APFS image on Linux.
In the first post of the new year Mari Degrazia is writing about mounting APFS images in Windows. The thing is, Paragon has a free (preview) driver to mount APFS volumes in Windows! So in conjunction with our favourite Arsenal Image Mounter you can easily mount and browse APFS images on your Windows workstation.
Jessica Hyde (Magnet Forensics) and Brian Moran (BriMorLabs) have presented a document summarizing the URLs to query from Amazon to return some of the Amazon Echosystem data. You can find the results of their research here.
This post by TM4n6 covers the use of the Android Debug Bridge (ADB) command-line tool on Linux. It focuses on the extraction of forensically relevant data from mobile devices packaged with the Android Operating System developed by Google.