An introduction to file-system post-mortem forensic analysis
Computer Incident Response Center of Luxembourg has published materials used during their forensic trainings including slide…
Forensics and Incident Response In The Cloud
The purpose of this webinar is to delve into one of the most challenging aspects of working with a Cloud Service Provider (C…
Triage Image Creation
This episode of “Introduction to Windows Forensics” covers triage image creation. Richard Davis uses FTK Im…
Malcom: Malware Communication Analyzer
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traff…
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use “Create Remote Thread” events to detect process injection …
PasteHunter
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicliy pasted data. For al…
Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memo…
A Planned Methodology for Forensically Sound IR in Office 365
A planned methodology for developing and implementing a forensically sound incident response plan in Microsoft’s Office 365 …
The Little Handbook of Windows Forensics
Andrea Fortunan has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Robust Use of PsExec That Doesn’t Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin password hash. Check this blog post to l…
