Carving Fragmented Registry Files
Yet another registry parser, or yarp, is a library and tools to deal with Windows registry files [1]. Despite the name, yarp…
page_brute.py is a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows…
LogonTracer helps digital forensics analysts to investigate malicious logon by visualizing and analyzing Windows active dire…
The Windows registry is an essential source of evidence when performing a wide range of examinations. In a recent talk (Zero…
Redundant capacity in filesystem timestamps is recently proposed in the literature as an effective means for information hid…
Digital forensics is an evolving discipline that looks for evidence in electronic devices. It is being utilised in investiga…
Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Credential harvesting is goal nu…
ArtifactExtractor is a script that extracts common Windows artifacts from source images and VSCs. Artifacts in VSCs will be …
Jason Hale has published an interesting post on how to use the amcache to track USB devices. You can find device serial…
Mari DeGrazia has published a very useful post, which will help you to learn how to find and decode malicious PowerShell scr…