New version of FSEventsParser has been released. FSEvents files are written to disk by OS X apis and contain historical records of events that occurred for the partition. They are stored in the root of the partition within the directory ‘/.fseventsd/’. FSEvent files can be found on the OS X system partition and can also be found on external storage devices that …

PassMark Software has released a beta version of Volatility Workbench – a graphical user interface (GUI) for the Volatility tool. Volatility Workbench is free, open source and runs in Windows. It provides a number of advantages over the command line version including: No need to remember command line parameters Storage of the operating system profile, KDBG address and process list with the memory …

Mark McKinnon has written a plugin that will export the /.fseventsd directory to the temp folder and will then call an executable program that will parse the data into a SQLite database and import it into Autopsy into the Extracted Content area. Learn more about the plugin here.

The new version of our favorite open source forensic tool – Autopsy, – has been released. New triage features. Make a VHD image during analysis. Pre-program files to analyze… Version 4.4.0 can be downloaded here.

Adam Witt has presented a fresh Python script. It’s called Windows Prefetch Carver and, as you already understood, can be used to carve Windows Prefetch artifacts from arbitrary binary data. Unfortunately, Windows 10 Prefetch files are compressed, and are unable to be carved from disk in this manner, but all other Prefetch formats are supported (Windows XP – Windows 8.1).

Daan Raman from NVISO Labs has published a blog post about their new tool – binsnitch.py. You can use this tool to detect unwanted changes to the file system. Use binsnitch.py to: create a baseline of trusted files for a workstation (golden image) and use it again later on to automatically generate a list of all modifications made to that system (for …

Redline version 1.20 introduces support for collection from and analysis of Window 10 systems and is already available for downloading here. Redline® provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile. With Redline, you can: Thoroughly audit and collect all running processes and drivers …

If you prefer to use different platforms for malware analysis and forensics, here is a good fresh tool for you – PPEE or Professional PE Explorer (also known as puppy). You can run it on Windows, macOS or Linux, and perform your analysis without any problems. For more information and download links check this post.

PsychoHasher is a Java based open source tool for generating and verifying hashes for text, files, combined digest for multiple files. It’s a program which can compute the following hashes: MD5, SHA1, SHA-224, SHA-256, SHA-384, and SHA-512. You can learn more about the tool and download it here. Here is a video presentation:

evtkit is a Python tool, which can help a computer forensic examiner to fix acquired Windows Event Log files. It’s lightweight, has no external dependencies and available for free at yarox24’s GitHub.