Digital Forensics and Incident Response
Another DFIR book has been announced by Packt Publishing. It’s “Digital Forensics and Incident Response” b…
Exposing Command Line Shells History with PowerShell
Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes that the biggest …
Windows, now with built in anti forensics!
One of our favorite forensicators – David Cowen, – has published a very interesting post in Hacking Exposed Comp…
A Guide to Eric Zimmerman’s command line tools
SANS Instructor and Former FBI Agent Eric Zimmerman has provided several open source command line tools free to the DFIR Com…
Forensics Analysis from Cloud Storage Client Application on Proprietary Operating System
Increased use of cloud storage services have become a necessity alternative that complements the main storage media in every…
Tor Browser Artifacts in Windows 10
Here is a paper by Aron Warren from SANS Institute Reading Room site about Tor browser artifacts in Windows 10. The Tor netw…
Windows 10 Forensics
In this article, we are going to take a close look at the fundamentally new sources of digital evidences that are typical fo…
An Overview: Windows Volume Shadow Copies
BlackBag Training Team has published a fresh post. This time they are speaking about Windows Volume Shadow Copies. You will …
Accessing & Copying Volume Shadow Copy Contents From Live Remote Systems
Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy …
Harlan Carvey speaks about digital forensic tools
Harlan Carvey, the author of best selling Windows Forensic Analysis series, has published a post in his blog about tools he …
