SANS SQLite Pocket Reference Guide
This guide is a supplement to SANS FOR518: Mac Forensic Analysis and SANS FOR585: Advanced Smartphone Forensics, and enhance…
Get Practical Windows Forensics for Free!
Today you have a unique opportunity to get a digital copy of Practical Windows Forensics (Packt Publishing) by Ayman Shaaban…
Windows NTFS Index Attributes ($I30 Files)
This new video by Richard Davis from “Introduction to Windows Forensics” series covers the basic information you need to kno…
Cyber Security Interviews: Harlan Carvey
Harlan Carvey, the author of Windows Forensic Analysis and Windows Registry Forensics, has been recently interviewed by Cybe…
Using Powerforensics for Windows LNK Analysis
In this post Lionel Faleiro shows how to use Powerforensics, a PowerShell framework created for hard drive forensic analysis…
USB Storage Device Forensics for Windows 10
Significantly increased use of USB devices due to their user-friendliness and large storage capacities poses various threats…
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised…
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
The Sleuth Kit 4.4.2 and Autopsy 4.4.1 have been released
New versions of your favourite open source DFIR tools – the Sleuth Kit and Autopsy, – have been released. The Sl…
Windows MACB Timestamps (NTFS Forensics)
As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this video introduces the …
