Forensic analysis of multiple device BTRFS configurations using The Sleuth Kit
The analysis of file systems is a fundamental step in every forensic investigation. Long-known file systems such as FAT, NTF…
Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Breaking Full Disk Encryption
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However…
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm feature that can be used fo…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompa…
Windows 10 October 2018 Update Brings Clipboard History Feature
Windows 10 October 2018 Update will bring us a new valuable source of DFIR artifacts – Clipboard History. Now use…
Using SQL Server 2016 Temporal Tables for Data Forensics and Auditing
Temporal Tables are a new feature of SQL Server 2016. Join Pragmatic Works to learn what they are and how they track da…
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a po…
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
