Introduction to Windows Forensics
Richard Davis has published another interesting video – an introduction to basic Windows forensics. He covers such top…
FSEParser v 2.1 released
New version of FSEventsParser has been released. FSEvents files are written to disk by OS X apis and contain historical reco…
Remote Viewing of Digital Evidence using X-Ways Investigator CTR
Ted Smith has published a video tutorial on how to view digital evidence remotely using X-Ways Investigator CTR: …
Volatility Workbench Beta
PassMark Software has released a beta version of Volatility Workbench – a graphical user interface (GUI) for the Volat…
Mac FS Events Parser for Autopsy
Mark McKinnon has written a plugin that will export the /.fseventsd directory to the temp folder and will then call an execu…
Introduction to Memory Forensics
Richard Davis has posted a video introduction to memory forensics, which includes a sample exercise using Volatility 2.6 to …
Autopsy 4.4.0 is out!
The new version of our favorite open source forensic tool – Autopsy, – has been released. New triage features. M…
Digital Forensics and Incident Response
Another DFIR book has been announced by Packt Publishing. It’s “Digital Forensics and Incident Response” b…
Analysis of a Ford Sync Gen 1 Module
James Grant has posted his findings from an analysis of a Ford Sync first generation module he undertook as part of his mast…
Windows Prefetch Carver
Adam Witt has presented a fresh Python script. It’s called Windows Prefetch Carver and, as you already understood, can…
