SANS Hunt Evil Poster Updated
SANS has updated their Hunt Evil poster. It includes information about typical Windows processes, evidence of remote access …
Forensic analysis of multiple device BTRFS configurations using The Sleuth Kit
The analysis of file systems is a fundamental step in every forensic investigation. Long-known file systems such as FAT, NTF…
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm feature that can be used for data rec…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompatCacheParser, A…
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a po…
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
Acquring MediaTek (MTK) Phones with Magnet AXIOM
This video shows how to use Magnet AXIOM to acquire mobile devices using a MediaTek (MTK) chipset to bypass the user passcod…
Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser his…
VSCMount Released
Eric Zimmerman has released another amazing tool – VSCMount. Now we have “a simple way to mount Volume Shadow Co…
