SQLite Forensics has been released
SQLite Forensics, a new book by Paul Sanderson, has been released and is available for order at Amazon. Here is its overview…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
44 New OS X Profiles Were Just Added to Volatility
If you are doing macOS memory forensics often enough, we have great news for you –Â 44 new OS X profiles have been just…
Windows 10 Timeline Forensic Artefacts
Alex Caithness has published a post in CCL Group blog overviewing the newest Windows 10 feature – the Timeline. All Ti…
Cloud Forensics: pCloud Drive
We continue our unforgetable journey to the world of cloud forensics. This time we are going to forensicate pCloud desktop a…
Bash sessions in macOS (and why you need to understand its working)
Yogesh Khatri has posted about forensic examination of Bash history in macOS. You can walk through the post at his blog. …
Getting Saucy with APFS
Sarah Edwards has published her presentation (PDF) and demo videos from BSides Baltimore. You will learn about how to acquir…
Event Log Forensics with Log Parser
As a continuation of the “Introduction to Windows Forensics” series, this video introduces Log Parser. This powe…
Memory Forensics & Tor
Matt from bit_of_hex has published an interesting post about finding traces of Tor Browser usage in memory images with Volat…
How to Perform Hadoop Forensics
In this post Chiheb Chebbi shows you how to perform Hadoop forensics. You will learn about Big Data in general, the Hadoop D…
