Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser his…
VSCMount Released
Eric Zimmerman has released another amazing tool – VSCMount. Now we have “a simple way to mount Volume Shadow Co…
Accessing Windows 10 Volume Shadows
In this post Harlan Carvey shows that most known methods used for forensicating Volume Shadow copies no longer work with Win…
The Newest Version of SANS Windows Forensic Analysis Poster is Online
SANS DFIR posted the newest version of Windows Forensic Analysis poster. Updated Windows Time Rules table, lots of artifacts…
Anbox: Boot a Full Android System on a Regular GNU/Linux System
Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu. In other words:…
Successful Insider Threat Investigations
No two insider threat investigations are ever the same—but a standardized process can help them run more smoothly. When you …
Dear Blue Team: Forensic Advice to Non-Forensic Professionals to Supercharge Organization DFIR
In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics an…
Imaginary C2: Malware Network Behavior Analysis Tool
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP …
Search for Malware on Webservers with Blazescan
Blazescan is a Linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but wi…
Plaso 20180818 released
A new version of the most popular forensic timelining tool, Plaso, has been released. Here is the list of noteworthy updates…
