Smartphone Forensics Investigations: An Overview of Third Party App Examination
There are millions of applications that can be used on a smartphone. This mini webcast with Terrance Maguire outlines an app…
Living in the Shadow of the Shadow Brokers
Most people know the Shadow Brokers leaked (supposedly) stolen NSA cyber tools, which lead to some of the most significant c…
Advanced Smartphone Forensics Poster Updated
SANS has updated Advanced Smartphone Forensics poster. You’ll learn how to deal with SQLite databases, ADB and libimob…
SANS Hunt Evil Poster Updated
SANS has updated their Hunt Evil poster. It includes information about typical Windows processes, evidence of remote access …
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
The Magic of Raw Data Carving
You have used all of the utilities in your expensive forensic suite, and other programs to carve files from unallocated file…
What Event Logs? Part 2: Lateral Movement without Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
Meltdown and Spectre – understanding and mitigating the threats
Yesterday, two new vulnerabilities (Meltdown and Spectre) were introduced that are in the architecture of processors in near…
SANS DFIR Updated Memory Forensics Cheat Sheet
Memory Forensics Cheat Sheet by SANS DFIR has been updated. The authors added new plugins like hollowfind and dumpregistry, …
