Autopsy 4.4.0 is out!
The new version of our favorite open source forensic tool – Autopsy, – has been released. New triage featur…
Digital Forensics and Incident Response
Another DFIR book has been announced by Packt Publishing. It’s “Digital Forensics and Incident Response” b…
Windows Prefetch Carver
Adam Witt has presented a fresh Python script. It’s called Windows Prefetch Carver and, as you already understood…
Exposing Command Line Shells History with PowerShell
Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes that the big…
Windows, now with built in anti forensics!
One of our favorite forensicators – David Cowen, – has published a very interesting post in Hacking Exposed Comp…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Fix acquired EVT files with evtkit
evtkit is a Python tool, which can help a computer forensic examiner to fix acquired Windows Event Log files. It’s lig…
A Novel Method for Windows Phone Forensics
Mobile forensics is a branch of cyber forensics which helps in extracting evidence from mobile devices. A variety of softwar…
Tracking threat actors through .LNK files
In this blog post guys from NVISO Labs answer Harlan Carvey’s question: “Did you parse the LNK file for things s…
A Guide to Eric Zimmerman’s command line tools
SANS Instructor and Former FBI Agent Eric Zimmerman has provided several open source command line tools free to the DFIR Com…
