In this post Jamie McQuaid from Magnet Forensics shows how to create Android physical images via custom recovery with AXIOM,…

fuse-mft is a FUSE file system driver for MFT files. It allows an forensic examiner to mount the file system tree defined by…

SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows…

Sarah Edwards has updated her Mac MRU Parser. Now it parses the Spotlight Shortcuts plist and also the Bookmark and Alias BL…

Another interesting article has been posted by Andrea Fortuna. This time he is writing about event logs recovery from a Wind…

HFS Journal Parser finds and parses catalog file record in HFS+/HFSX .journal file.  It has searching capabilities, allows t…

Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the …

This demo shows the interactive investigation capabilities in Demisto using Volatility integration to analysis cridex malwar…

In this video you will learn how to hunt so called “Fileless malware” or “Non-Malware malware” using…

BlackBag Training Team has published a post about Mac memory imaging and analysis. They start from different ways of capturi…