Recycle Bin Forensics
As a continuation of Richard Davis’ “Introduction to Windows Forensics” series, this video introduces Recycle Bin Forensics. From Windows 95 to Windows 10, the history of the Recycle Bin is covered....
Carve and recreate VSS catalog with vss_carver
Minoru Kobayashi has presented a tool for carving and recreating deleted VSS catalogs at Japan Security Analyst Conference 2018. The script is already available for download on his GitHub.
Simplifying Bro IDS Log Parsing with ParseBroLogs
A few days ago Dan Gunter published a post about his tool for parsing logs from the Bro Intrusion Detection System. You can easily install ParseBroLogs via pip: pip install parsebrologs If...
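For readers who want to see what a Bro log parser has to deal with, here is an added example (not ParseBroLogs' own code, and not from Dan Gunter's post). It reads the header lines every Bro/Zeek ASCII log carries (#separator, #set_separator, #unset_field, #empty_field, #fields, #types), converts each record to typed Python values, and then answers two questions an analyst typically asks of conn.log. The sample log below is constructed for the example; the uids and addresses are made up.

```python
"""Parser for the Bro/Zeek ASCII log format (added example, not ParseBroLogs)."""
import codecs
from collections import defaultdict
from typing import Any, Dict, List

# Constructed sample conn.log; uids and addresses are made up for the example.
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"
    "\tduration\torig_bytes\tresp_bytes\tconn_state\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring"
    "\tinterval\tcount\tcount\tstring\n"
    "1518264000.123456\tCAb12x\t10.0.0.5\t51234\t93.184.216.34\t80\ttcp\thttp"
    "\t0.512\t300\t1200\tSF\n"
    "1518264001.000000\tCCd34y\t10.0.0.5\t51235\t93.184.216.34\t443\ttcp\t-"
    "\t-\t-\t-\tS0\n"
    "1518264002.500000\tCEf56z\t10.0.0.7\t53\t10.0.0.1\t53\tudp\tdns"
    "\t0.010\t60\t120\tSF\n"
    "#close\t2018-02-10-13-00-00\n"
)


def _convert(value: str, bro_type: str, unset: str, empty: str, set_sep: str) -> Any:
    """Map one field to a Python value according to its declared Bro type."""
    if value == unset:
        return None          # '-' in the default configuration
    if value == empty:
        return ""            # '(empty)' in the default configuration
    if bro_type.startswith(("set[", "vector[")):
        inner = bro_type[bro_type.index("[") + 1:-1]
        return [_convert(v, inner, unset, empty, set_sep) for v in value.split(set_sep)]
    if bro_type in ("count", "int", "port"):
        return int(value)
    if bro_type in ("time", "interval", "double"):
        return float(value)
    if bro_type == "bool":
        return value == "T"
    return value             # string, addr, enum, subnet, ... stay as text


def parse_bro_log(text: str) -> List[Dict[str, Any]]:
    """Return one dict per data record, keyed by the names from the #fields header."""
    sep, set_sep, unset, empty = "\t", ",", "-", "(empty)"
    fields: List[str] = []
    types: List[str] = []
    records: List[Dict[str, Any]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The only header delimited by a space; its value is escaped ("\x09").
                sep = codecs.decode(line[len("#separator "):], "unicode_escape")
                continue
            key, _, value = line[1:].partition(sep)
            if key == "set_separator":
                set_sep = value
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
            elif key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue         # #path, #open and #close carry no record data
        if not fields or len(types) != len(fields):
            raise ValueError(f"line {lineno}: data before a usable #fields/#types header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(values)}")
        records.append({f: _convert(v, t, unset, empty, set_sep)
                        for f, v, t in zip(fields, values, types)})
    return records


def bytes_by_responder(records: List[Dict[str, Any]]) -> Dict[str, int]:
    """Total bytes exchanged per responder address; unset counters count as 0."""
    totals: Dict[str, int] = defaultdict(int)
    for r in records:
        totals[r["id.resp_h"]] += (r["orig_bytes"] or 0) + (r["resp_bytes"] or 0)
    return dict(totals)


def failed_connections(records: List[Dict[str, Any]]) -> List[str]:
    """uids of connections the responder never answered (conn_state S0)."""
    return [r["uid"] for r in records if r["conn_state"] == "S0"]


if __name__ == "__main__":
    recs = parse_bro_log(SAMPLE_CONN_LOG)
    print(bytes_by_responder(recs))
    print(failed_connections(recs))
```

The point of reading #types rather than hard-coding column names is that the same function works for conn.log, dns.log, http.log and any custom log, and that unset fields become None instead of the string "-", which otherwise silently breaks arithmetic on byte counts.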
CyDefe Labs DFIR Challenges
If you don’t know what to do on a Sunday evening, there is a bunch of nice digital forensics and incident response challenges for you. CyDefe Labs have prepared memory forensics, incident response and...
Another EVTX parser has arrived!
Sergey Golovanov from Kaspersky Lab has announced a new EVTX parser. One of its great features is support for different operating systems, so it doesn’t matter if you use a Windows workstation, a MacBook...
Nilay Mistry’s Research Papers
Nilay Mistry has shared his research papers for publication. If you want to publish your research or articles at Cyber Forensicator – contact us via Telegram group. fileserve...
RDP Cache Forensics
As a continuation of the “Introduction to Windows Forensics” series, this video introduces Remote Desktop Protocol (RDP) Cache Forensics. Did you know that when you use the mstsc.exe RDP client on...
Investigating the Cyber Breach has been released
“Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer” by Joseph Muniz and Aamir Lakhani has been released. Reading the book you will: · Understand the...
Visualize Packet Captures with PcapXray
PcapXray is a network forensics tool for visualizing packet captures offline as network diagrams including device identification, highlighting important communication and file extraction. You can learn...
The Sleuth Kit and Autopsy 4.6.0 have been released
The Sleuth Kit and Autopsy 4.6.0 are available for download. Here are the lists of new features: The Sleuth Kit New Communications related Java classes and database tables Java build updates for...
Forensic Analysis of Damaged SQLite Databases
SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases, and you can find them on desktop computers and laptops as well, for...
Autopsy 4.6.0 Linux Beta 1
The first Linux beta of Autopsy, your favourite open source DFIR tool, is out. You can download it here. The tool currently has the following known limitations: Multi-user cases are not supported Local drives...
Make Your Debian a Forensic Workstation
If you are looking for a SIFT replacement and already have a Debian workstation, this package is for you. The forensics-full package will help you get everything you need to perform a first class...
Volatility: Proxies and Network Traffic
Marcus Bakker from MB Secure has published a tutorial on how to catch malware beaconing from an infrastructure where a non-transparent proxy is used for all outgoing network traffic.
Digital Forensics: Open Source Investigation/Verification Tools
In this video Aliaume Leroy from Bellingcat talks about open source investigation/verification tools and presents a number of real life examples of their usage:
Decoding the Hexadecimal Representation of a PostgreSQL Database Table
Joseph Balazs, Dr. Marcus Rogers, Dr. John Springer and Dr. Dawn Laux conducted research on decoding the hexadecimal representation of PostgreSQL database tables. Simple testing was done on a table...
Digital Forensic Approaches for Amazon Alexa Ecosystem
Internet of Things devices such as the Amazon Echo are undoubtedly great sources of potential digital evidence due to their ubiquitous use and their always on mode of operation, constituting a human...
What is new in Belkasoft Evidence Center 9.0
In this video, Belkasoft discusses new features of Evidence Center version 9.0 such as new reporting, deduplication, PhotoDNA, NTFS compression, macOS system configuration analysis and other features...
Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and...
McGraw-Hill Education has announced the second edition of the award-winning “Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation” by Lee Reiber. Written by an expert...
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immediately spot things that don’t look right. As you saw in previous videos in...
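The "spot what doesn't look right" exercise can be turned into a check that runs over any process listing (tasklist output, a Volatility pstree dump, an EDR export). The following is an added example, not material from the video: it encodes the expected start-up chain of core Windows system processes (assumed here to be a default Vista-or-later install, where csrss, wininit and winlogon are spawned by a session-specific smss.exe instance that exits, so a missing parent is normal for them) and flags unexpected parents, unexpected image paths and duplicate single-instance processes. The process list is constructed for the example; PIDs and paths are made up.

```python
"""Parent/child and image-path sanity checks for a Windows process listing.
Added example, not from the video. The expected-parent table is an assumption
about a default Vista-or-later install; the process list is constructed."""
from collections import Counter, namedtuple
from typing import Dict, List

Proc = namedtuple("Proc", "pid ppid name path")

# Expected parent names (lower-case) for core system processes.
EXPECTED_PARENT = {
    "smss.exe": {"system"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}
# Their parent is a per-session smss.exe instance that has already exited.
PARENT_MAY_EXIT = {"csrss.exe", "wininit.exe", "winlogon.exe"}
# Processes of which a healthy system runs exactly one copy.
SINGLE_INSTANCE = {"smss.exe", "wininit.exe", "services.exe", "lsass.exe"}
SYSTEM32 = r"c:\windows\system32"
EXPECTED_PATH = {name: f"{SYSTEM32}\\{name}" for name in EXPECTED_PARENT}
EXPECTED_PATH["explorer.exe"] = r"c:\windows\explorer.exe"

# Constructed listing: the last two entries are the planted anomalies.
PROCS = [
    Proc(4, 0, "System", ""),
    Proc(368, 4, "smss.exe", r"C:\Windows\System32\smss.exe"),
    Proc(476, 460, "csrss.exe", r"C:\Windows\System32\csrss.exe"),      # parent 460 exited
    Proc(540, 460, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    Proc(640, 540, "services.exe", r"C:\Windows\System32\services.exe"),
    Proc(652, 540, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(780, 640, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(2212, 1900, "explorer.exe", r"C:\Windows\explorer.exe"),        # userinit.exe exited
    Proc(3040, 2212, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    Proc(3100, 540, "lsass.exe", r"C:\Windows\Temp\lsass.exe"),
]


def find_anomalies(procs: List[Proc]) -> Dict[int, List[str]]:
    """Return {pid: [reasons]} for every process that breaks an expectation."""
    by_pid = {p.pid: p for p in procs}
    instances = Counter(p.name.lower() for p in procs)
    findings: Dict[int, List[str]] = {}

    def flag(pid: int, reason: str) -> None:
        findings.setdefault(pid, []).append(reason)

    for p in procs:
        name = p.name.lower()
        if name in EXPECTED_PARENT:
            parent = by_pid.get(p.ppid)
            if parent is None:
                if name not in PARENT_MAY_EXIT:
                    flag(p.pid, f"{name}: parent pid {p.ppid} is not running")
            elif parent.name.lower() not in EXPECTED_PARENT[name]:
                flag(p.pid, f"{name}: unexpected parent {parent.name} (pid {parent.pid})")
        if name in EXPECTED_PATH and p.path.lower() != EXPECTED_PATH[name]:
            flag(p.pid, f"{name}: unexpected image path {p.path}")
        if name in SINGLE_INSTANCE and instances[name] > 1:
            flag(p.pid, f"{name}: {instances[name]} instances running, expected 1")
    return findings


if __name__ == "__main__":
    for pid, reasons in sorted(find_anomalies(PROCS).items()):
        for reason in reasons:
            print(f"pid {pid}: {reason}")
```

On the constructed listing the svchost.exe under explorer.exe is flagged twice (wrong parent, wrong path), the second lsass.exe twice (wrong path, duplicate), and the genuine lsass.exe once, because a duplicate check cannot tell which copy is the impostor without the path evidence; an analyst still has to look at both. A production version would also compare the owning account and session, and allow the SysWOW64 path on 64-bit hosts.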