Office365 Log Analysis Framework
After yesterday’s webcast Matt Bromiley released his Office365 Log Analysis Framework or OLAF to the public. You can l…
Security Event Logging and Monitoring Techniques for Incident Response in Hadoop
This presentation will share some of the techniques and lessons learned in real-world Hadoop implementation at Johns Hopkins…
Whitepaper: Acquiring and Parsing Data from iOS 11 Devices
Over its last few releases, Apple’s iOS—the operating system running on iPhones, iPads, and other mobile devices—has steadil…
Secret Office 365 Activities API
This is a quick look at the recently revealed “activities” API within Office 365. This undocumented interface pr…
Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Misc
We are continuing our write-up. The second part will walk you through the solution of the second set of CTF problems –…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Summit …
Smartphone Acquisition: Adapt, Adjust and Get Smarter!
Heather Mahalik has posted about a list of recommendations on iOS and Android-based smartphones forensic acquisition. If you…
Where Did It Come From: Forensic Analysis of Zone.Identifier
As you may know, David Cowen runs Sunday Funday Challenges, and one of the most recent was Zone.Identifier challenge. I have…
Epochalypse: Utility to Convert Epoch Timestamps
Epochalypse utility by Pasquale Stirparo has been updated. Now it supports APFS timestamps. You can download this Python scr…
