Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral movement through tracking event logs.

Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility framework. If you don’t like command line tools and you hate remembering plugins –  VolUtility is a very useful tool for you.

Joshua James has published a video-tutorial on how to build Linux kernel profiles for memory forensics with Volatility. He notes that Linux kernel changes data structures and debug symbols often, so it’s very important for a digital forensics examiner to be able to create Linux profiles for the version of Linux that he or she is trying to analyze.

Nicole Ibrahim has published a post on FSEvents forensics. In this post she is covering a high-level overview of Apple FSEvents logs that are stored to disk including background information and behavior of FSEvents, mainly dealing with OS X but also touching on iOS.

Ted Smith has published a video tutorial on how to view digital evidence remotely using X-Ways Investigator CTR:

James Grant has posted his findings from an analysis of a Ford Sync first generation module he undertook as part of his master’s project at university into vehicle forensics.

Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes that the biggest trend in the last few years is the use of Non-Malware attacks. There are a few reasons why we see increased use of scripting language based malwares: Some of them are installed by default on every Windows operating system. …

This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list of tasks that should be performed across your organization. These tasks can and should be parallelized. The patching process can be slower but it’s important to start as soon as possible, even while containment is taking place. The authors recommend automation …

In this video Mark Baggett will show you how you can use a tool named SRUM-DUMP to capture critical DFIR (Digital Forensics and Incident Response) data like the dates and times processes were executed, which networks they used, how much data was transmitted and received, the Security Identifier of the user that launched the process and more. Then Mark will …

Preston Miller from DPM Forensics has published a post on how to recover data from damaged USBs. In the post he discusses a few methods can be used to extract data from a broken USB device. You’ll learn how to remove the chip from the board and how to solder it onto the donor.