Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Breaking Full Disk Encryption
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompatCacheParser, A…
Windows 10 October 2018 Update Brings Clipboard History Feature
Windows 10 October 2018 Update will bring us a new valuable source of DFIR artifacts – Clipboard History. Now users ca…
Using SQL Server 2016 Temporal Tables for Data Forensics and Auditing
Temporal Tables are a new feature of SQL Server 2016. Join Pragmatic Works to learn what they are and how they track data ch…
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a po…
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser his…
VSCMount Released
Eric Zimmerman has released another amazing tool – VSCMount. Now we have “a simple way to mount Volume Shadow Co…
