The first beta Linux version of your favourite open source DFIR tool Autopsy. You can download it here. Now the tool has the following known limitations: Multi-user cases are not supported Local drives cannot be analyzed VMDK / VHDI images not supported Dead JAR issues if you ever run as ‘root’. Other users can’t overwrite one of the .so files. …
Jason Hale has presented his USB Detective tool in this post. USB Detective aims to ease the burden on the examiner by visually distinguishing attributes with inconsistent timestamps from those with multiple corroborating sources. You can download free community version of the tool or buy professional version here.
Polito Inc. has partnered with ReversingLabs (RL) and has developed a plugin extension called ReversingLabs Lookup Utility for Autopsy. You can download the plugin from their GitHub repo. Also, you can learn more about the plugin and its installation steps here.
The Sleuth Kit and Autopsy 4.6.0 are available for downloading. Here are the lists of new features: The Sleuth Kit New Communications related Java classes and database tables Java build updates for Autopsy Linux build Blackboard artifacts are now Content objects in Java and part of tsk_objects table in database Increased cache sizes Lots of bounds checking fixes from Google’s …
Threat Hunting Reconnaissance Toolkit or THRecon is a collection of PowerShell scripts by Tony Phipps, which can be very useful during live response. You can fast and easily collect such important artifacts, as autoruns, event logs, USB devices, services, scheduled tasks, etc. You can download the toolkit here.
PcapXray is a network forensics tool for visualizing packet captures offline as network diagrams including device identification, highlighting important communication and file extraction. You can learn more about the tool and download it here.
Transit is a MacOS IR toolkit written by Joey Pistone while on the train. It can pull the following inforamtion from the system: 1. Run a full informational scan 2. Gather preference lists for all users 3. Gather preference lists for one user 4. Gather all Root level preference lists (May require root) 5. Tar up log directories 6. Gather system …
Yogesh Khatri has recently posted about forensicating Notes database on macOS. He shows locations of coresponding databases depending on OS version, presents SQL queries to parse the data, and notes that his tool, mac_apt, can parse it automatically.
Sergey Golovanov from Kaspersky Lab has announced a new EVTX parser. One of its great features is different operating systems support, so it doesn’t matter if you use a Windows workstation, a MacBook or a Linux WS – all of them are supported. If you’ve decided to give it a try – go straight to GitHub.
From AccessData website: “Starting February 1, 2018, AccessData will begin charging an administrative fee of $100 for taking the ACE certification tests through the testing system. Costs associated with offering and administering the testing system continues to rise. While we regret having to implement this fee, this is in line with other companies in the field who also charge a …
Login
