Here is an article by William Tan describing the usage of OS X FSEvents to discover deleted malicious artifacts.

If you prefer to use Linux or Mac OS X as primary operating system on your forensic workstation and deal with BitLocker-encrypted volumes on daily basis – you find this tool very helpful.

Dauda Sule has written a nice beginner’s guide to eDiscovery.

Belkasoft has published a fresh article at their website – “Comprehensive Forensic Chat Examination with Belkasoft”.

Shelly Giesbrecht, a member of Cisco’s Incident Response Services team, has written a very interesting post on Cisco IR go-bag.