Plaso 20180818 released
A new version of the most popular forensic timelining tool, Plaso, has been released. Here is the list of noteworthy updates…
X-Ways Forensics Cheat Sheet
Brett Shavers has published his cheat sheet on how to you X-Ways Forensics. If you still haven’t checked it, it’…
The Sleuth Kit 4.6.2 and Autopsy 4.8.0 released
The new versions of the Sleuth Kit and Autopsy have been released. You can already download them at GitHub and test. New fea…
Imago: Digital Images Forensics Tool
Imago is a python tool that extract digital evidence from images recursively. This tool is useful throughout a digital foren…
The Challenges of APFS and How EnCase Can Help
The new Apple File System (APFS) was developed to replace HFS+ and became the default file system in September 2017. Like ma…
Deobfuscating Emotet’s PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. Also he shared a Python script…
How to Validate Your Forensic Tools
Paraben Software has published a free ebook called “How to Validate Your Forensic Tools”. The book is available …
POSH-Triage
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://eric…
LiMEaide: Dump Linux Memory Remotely
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later a…
Secret Office 365 Activities API
This is a quick look at the recently revealed “activities” API within Office 365. This undocumented interface pr…
