Windows 10 and beyond – What is your digital forensics investigation missing?
Windows Forensic Analysis is constantly progressing. If you have been doing digital forensics for the past few years and hav…
Android Recovery Acquisitions with Magnet AXIOM
In this post Jamie McQuaid from Magnet Forensics shows how to create Android physical images via custom recovery with A…
fuse-mft: Expose the File System Metadata Stored within an MFT
fuse-mft is a FUSE file system driver for MFT files. It allows an forensic examiner to mount the file system …
Detection of Backdating the System Clock in Windows
SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windo…
Mac MRU Parser – Spotlight Shortcuts & BLOB Parsing
Sarah Edwards has updated her Mac MRU Parser. Now it parses the Spotlight Shortcuts plist and also the Bookmark an…
How to Recover Event Logs from a Windows Memory Image
Another interesting article has been posted by Andrea Fortuna. This time he is writing about event logs recovery f…
macOS forensic tools: HFS Journal Parser
HFS Journal Parser finds and parses catalog file record in HFS+/HFSX .journal file. It has searching capabilities, all…
Carving EVTX
Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the …
Demisto – Volatility Memory Analysis
This demo shows the interactive investigation capabilities in Demisto using Volatility integration to analysis cridex malwar…
Hunting Fileless Malware with LOG-MD Free Edition
In this video you will learn how to hunt so called “Fileless malware” or “Non-Malware malware” …
