Breaking Full Disk Encryption
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompa…
VSCMount Released
Eric Zimmerman has released another amazing tool – VSCMount. Now we have “a simple way to mount Volume Shadow Co…
Accessing Windows 10 Volume Shadows
In this post Harlan Carvey shows that most known methods used for forensicating Volume Shadow copies no longer work with Win…
Successful Insider Threat Investigations
No two insider threat investigations are ever the same—but a standardized process can help them run more smoothly. When you …
Imaginary C2: Malware Network Behavior Analysis Tool
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP …
Search for Malware on Webservers with Blazescan
Blazescan is a Linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but wi…
Plaso 20180818 released
A new version of the most popular forensic timelining tool, Plaso, has been released. Here is the list of noteworthy updates…
X-Ways Forensics Cheat Sheet
Brett Shavers has published his cheat sheet on how to you X-Ways Forensics. If you still haven’t checked it, it’…
