Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Exfiltration
Hope you are having a great Sunday, and we are continuing our write-up. No more AXIOM, by the way! You wanted open source to…
Magnet User Summit CTF: Misc
We are continuing our write-up. The second part will walk you through the solution of the second set of CTF problems –…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Su…
afro (APFS file recovery)
afro can parse APFS images. It not only extracts the latest data but also older versions of the files. Learn more about the …
Darwin-Collector – collect key files for macOS investigations
Darwin-Collector.sh is a script designed to be run against a mounted image, live system, or device in target disk mode. The …
2018 Volatility Plugin Contest
Volatility Foundation has announced this year’s Plugin Contest. All you need is to create an innovative and usefu…
Docker Explorer – a Tool to Help Forensicate Offline Docker Acquisitions
This project helps a forensics analyst explore offline Docker filesystems. Docker uses layered backend filesystems like…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
Exploring Registry Explorer
This webinar covers Registry Explorer version 1.0 including features such as searching multiple hives, transaction log repla…
