Windows Forensics: Event Trace Logs
Looking for a “new” Windows artifact that is currently being underutilized and contains a wealth of information? Event Traci…
RBCmd: Recycle Bin artifact parser
Eric Zimmerman has released a new tool. This time it’s Recycle Bin artifact parser called RBCmd. It supports both INFO…
The Little Handbook of Windows Forensics
Andrea Fortunan has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Cloud Forensics: Google Drive
We decided to continue our cloud forensics series, but focus on more popular desktop applications, this time it’s goin…
Amcache_Scan Autopsy Plugin
This Autopsy plugin by Rebecca Anderson won Autopsy Plugin Contest this year at Open Source Digital Forensics Conference (OS…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompatCacheParser, A…
Windows 10 October 2018 Update Brings Clipboard History Feature
Windows 10 October 2018 Update will bring us a new valuable source of DFIR artifacts – Clipboard History. Now users ca…
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending o…
Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser his…
