Backstage Parser
Arsenalâs Brian Gerdon presented Backstage Parser – a python tool that can be used to parse the contents of Microsoft …
Gone in 10 Seconds: Snapchat Forensics
John Walther has written an article about Snapchat forensics. He used an iOS device running 11.4.1 and an Android device run…
Acquire Volatile Memory from FreeBSD with FreeBmAM
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn …
DEFT X Virtual Appliance is Available for Downloading
The latest version of the system dedicated to forensic analysis and incident management, DEFT X, is released and available f…
$SignaturesAreDead = âLong Live RESILIENT Signatures”
Signatures are dead, or so weâre told. Itâs true that many items that are shared as Indicators of Compromise (file names/pat…
GiftStick: 1-Click Push Forensics Evidence to the Cloud
GiftStick allows an inexperimented user to easily (one click) upload forensics evidence (such as some information about the …
Autopsy 4.9.0 and the Sleuth Kit 4.6.3 released
New versions of our open source DFIR tools have been released: Autopsy New Features: Removed data from table that are time i…
Beyond good ol’ LaunchAgent – part 0
Pasquale Stirparo has started a post series about macOS persistense mechanisms titled “Beyond good ol’ LaunchAge…
Cloud Forensics: Google Drive
We decided to continue our cloud forensics series, but focus on more popular desktop applications, this time it’s goin…
Amcache_Scan Autopsy Plugin
This Autopsy plugin by Rebecca Anderson won Autopsy Plugin Contest this year at Open Source Digital Forensics Conference (OS…
