Windows 10 forensics

Science

USB Storage Device Forensics for Windows 10

Significantly increased use of USB devices due to their user-friendliness and large storage capacities poses various threats…

Tips & Tricks

Deep Analysis of New Poison Ivy Variant

Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised…

How To

Memory Acquisition and Virtual Secure Mode

Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…

Software

The Sleuth Kit 4.4.2 and Autopsy 4.4.1 have been released

New versions of your favourite open source DFIR tools – the Sleuth Kit and Autopsy, – have been released. The Sl…

Videos

Windows MACB Timestamps (NTFS Forensics)

As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this video introduces the …

Software

WMI Forensics

There are two scripts by David Pany, which can help an analyst to find evidence in WMI repositories: CCM_RUA_finder.py and P…

Videos

Windows SRUM Forensics

Richard Davis continues his “Introduction to Windows Forensics” series with a video about the System Resource Ut…

Videos

Windows 10 and beyond – What is your digital forensics investigation missing?

Windows Forensic Analysis is constantly progressing. If you have been doing digital forensics for the past few years and hav…

Tips & Tricks

Using Outlook Forms for Lateral Movement and Persistence

During a recent investigation, CrowdStrike Services team identified an adversary attack method, used for lateral movement an…

Webinars

Detection of Backdating the System Clock in Windows

SANS Institute has published a whitepaper by Xiaoxi Fan titled “Detection of Backdating the System Clock in Windows…

Tag Archives: Windows 10 forensics

USB Storage Device Forensics for Windows 10

Deep Analysis of New Poison Ivy Variant

Memory Acquisition and Virtual Secure Mode

The Sleuth Kit 4.4.2 and Autopsy 4.4.1 have been released

Windows MACB Timestamps (NTFS Forensics)

WMI Forensics

Windows SRUM Forensics

Windows 10 and beyond – What is your digital forensics investigation missing?

Using Outlook Forms for Lateral Movement and Persistence

Detection of Backdating the System Clock in Windows

About Us

Popular Posts

Android Forensics Using Some Open Source Tools

What’s in Your Incident Response Go-Bag?

Timeline

Diffy: A Triage Tool for Cloud-Centric Incident Response

Office365 Log Analysis Framework

Detecting Malicious PowerShell Commands using Deep Neural Networks

No Tool Fits All – Why Building a Solid Toolbox Matters

Security Event Logging and Monitoring Techniques for Incident Response in Hadoop

Tag Archives: Windows 10 forensics

Follow Us

About Us

Popular Posts

Timeline

Diffy: A Triage Tool for Cloud-Centric Incident Response

Office365 Log Analysis Framework

Detecting Malicious PowerShell Commands using Deep Neural Networks

No Tool Fits All – Why Building a Solid Toolbox Matters

Security Event Logging and Monitoring Techniques for Incident Response in Hadoop