Amcache Forensics: Populated or Not?
New Sunday – new Funday! This week’s Sunday Funday presented the following challenge to solve: What are all the …
Threat Hunting Using Live Box Forensics
In a threat landscape characterized by targeted attacks, fileless malware, and other advanced hacking techniques, the days o…
Shellbags Forensics: Directory Viewing Preferences
Had some free time last week, so decided to participate in David Cowen’s Sunday Funday challenge. My submission didn&#…
The Forensic Lunch schedule for Q1 2019
David Cowen has posted the Forensic Lunch schedule for Q1 2019. You can find the dates here. …
Autopsy 4.10.0 and the Sleuth kit 4.6.5 have been released
The new versions of the most popular open source DFIR tools, Autopsy and the Sleuth kit, have been released. You can find re…
volatility-wnf: Browse and dump Windows Notification Facilities
This Volatility plugin is based on work of Alex Ionescu and Gabrielle Viala. https://blog.quarkslab.com/playing-with-the-win…
Learning Android Forensics, 2nd Edition has been released
The 2nd edition of Learning Android Forensics by Oleg Skulkin, Donnie Tindal and Rohit Tamma has been released. Here is the …
yara_tools: Create YARA Rules In Python
Michael Matonis has written a library that helps security researchers create simple or complex YARA rules in Python. It̵…
Digital Forensics Tutorials by AccessData
AccessData has published a bunch of videos on its YouTube channel. You’ll learn about detecting and attacking TrueCtyp…
Badly behaving scripts
As browser and operating system security have been improving, there has been a rise in conventional malware attacks relying …
