Comae Stardust – New Features
Matt Suiche has recorded a presentation on the new features of Comae Stardust, such as process memory dump support, YARA sca…
Dissecting Cozy Bear’s malicious LNK file
Weaponized LNK files are not very popular way of distributing malware, but, of course, sometimes they take place. One of a g…
Analyzing PowerShell Malware
In this talk Chris Davis discuss how to properly reverse engineer many types of PowerShell malware from analyzing dropper do…
MalDozer: Automatic Framework for Android Malware Chasing Using Deep Learning
ElMouatez Billah Karbab discusses his work at DFRWS EU 2018: …
Mac_apt –The Smarter and Faster Approach to macOS Processing
macOS forensics has not seen the kind of attention Windows gets. Few tools and documentation exist to specifically address m…
Triage Image Creation
This episode of “Introduction to Windows Forensics” covers triage image creation. Richard Davis uses FTK Imager …
Netflix -Windows 10 Appstore Forensics
Justin Boncaldo has written a post about forensic analysis of Netflix app. It seems the app doesn’t store a lot of dat…
Efficiently Summarizing Web Browsing Activity
Reviewing web browsing activity is relevant in a wide variety of DFIR cases. With many users having multiple devices that ma…
Malcom: Malware Communication Analyzer
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traff…
The Most Essential Image Data Retrieval for Digital Forensic Experts
This article is a general explanation why and how forensic experts and first responders could benefit from a tool that provi…
