libfsapfs: Library and Tools to Access the Apple File System (APFS)
libfsapfs is a library and tools by Joachim Metz to access the Apple File System (APFS). Source code is available at GitHub.…
Evidence Generation X
Test evidence lies at the heart of our field. We need to be able to test our tools to make sure that they parse data correct…
SANS Hunt Evil Poster Updated
SANS has updated their Hunt Evil poster. It includes information about typical Windows processes, evidence of remote access …
Forensic analysis of multiple device BTRFS configurations using The Sleuth Kit
The analysis of file systems is a fundamental step in every forensic investigation. Long-known file systems such as FAT, NTF…
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm feature that can be used fo…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompa…
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a po…
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
Acquring MediaTek (MTK) Phones with Magnet AXIOM
This video shows how to use Magnet AXIOM to acquire mobile devices using a MediaTek (MTK) chipset to bypass the user passcod…
