In this video Joshua James uses SSDEEP to create fuzzy hashes of text and image files, and compare the similarity between files in a directory. SSDEEP is used to create hashes that are not exact matches, but instead compare similarity between two files at the binary level. It can be used to look for modified and original documents, or compare …

In this article Lenny Zeltser discusses the phenomenon of “fileless malware”. You’ll learn about known threats and also get some alternatives to saying “fileless malware”.

AFF4 (Advanced Forensics File Format v4.0) is the new standard in forensic imaging, a new container format for storing digital evidence which accelerates the digital forensic and incident response workflow. Reading this post you will learn how to add AFF4 support to The Sleuth Kit and Volatility on your Mac workstation.

Arman Gungor from Meridian Discovery has posted an article on forensic analysis of Microsoft Outlook attachments. In the article he performs in-depth analysis of Outlook attachments timestamps from a forensic point of view.

As you must already know, a massive cyber attack with Petya ransomware emerged yesterday, a month from notorious WannaCry attack. This isn’t the original Petya, but a modified sample, which is much more sophisticated. This piece of ransomware not only encrypts files, but also MFT, overwrites MBR and has custom bootloader, showing attackers’ message. If you are already infected, it’s …

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral movement through tracking event logs.

Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility framework. If you don’t like command line tools and you hate remembering plugins –  VolUtility is a very useful tool for you.

Joshua James has published a video-tutorial on how to build Linux kernel profiles for memory forensics with Volatility. He notes that Linux kernel changes data structures and debug symbols often, so it’s very important for a digital forensics examiner to be able to create Linux profiles for the version of Linux that he or she is trying to analyze.

Nicole Ibrahim has published a post on FSEvents forensics. In this post she is covering a high-level overview of Apple FSEvents logs that are stored to disk including background information and behavior of FSEvents, mainly dealing with OS X but also touching on iOS.

Ted Smith has published a video tutorial on how to view digital evidence remotely using X-Ways Investigator CTR: