Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompa…
The Windows 10 October 2018 Update will bring us a valuable new source of DFIR artifacts – Clipboard History. Now use…
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser his…
In this post Harlan Carvey shows that most known methods used for forensicating Volume Shadow copies no longer work with Win…
SANS DFIR posted the newest version of the Windows Forensic Analysis poster. Updated Windows Time Rules table, lots of arti…
Imaginary C2 is a Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP …
As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this episode looks at pers…
David Cowen has posted Defcon DFIR CTF 2018 images and questions at his blog. It’s time to download them and have…
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s command-line tools (https://eric…