Introduction to Redline
As a continuation of the “Introduction to Memory Forensics” series, Richard Davis taking a look at Redline – a free analysis…
DROP (DRone Open source Parser) your drone: Forensic analysis of the DJI Phantom III
The DJI Phantom III drone has already been used for malicious activities (to drop bombs, remote surveillance and plane watch…
Automating Large-Scale Memory Forensics
Henrik Johansen has published a post about how to automate memory forensics process as much as possible. He starts from the …
Cloud attacks illustrated: How unique insights from Microsoft help you defend against attacks
The threat landscape is rapidly evolving, making it hard for most organizations to keep pace. Learn how Microsoft Azure Secu…
Plaso Heimdall Has Been Released
The Plaso development team has announced the new version of the tool – Heimdall. Here is the list of new features: New…
APFS Timestamps
Yogesh Khatri has started his journey in Apple File System reverse engineering. He has checked APFS documentation and found …
SANS SQLite Pocket Reference Guide
This guide is a supplement to SANS FOR518: Mac Forensic Analysis and SANS FOR585: Advanced Smartphone Forensics, and enhance…
Forensicating Messanging in iOS 11
Heather Mahalik, the author of Practical Mobile Forensics and SANS FOR585, has written a post about forensicating iOS 11 iMe…
Taking Hunting to the Next Level: Hunting in Memory
The vast majority of threat hunting takes place on easily visible and accessible system artifacts. These include log entries…
Steve Whalen on APFS Forensics
APFS is here! Macintosh forensics expert and SUMURI CEO Steve Whalen gives you the critical information you need to stay ahe…
