Hello Reader, This week a new champion emerges and enters the winners circle. Congratulations to Oleg Skulkin who grabbed a win this week with his testing! Make sure to come back tomorrow to see next weeks’ challenge for your chance at $100! The Challenge: We’ve tested what happens for copies to NTFS drives. Now let’s change […]
Hello Reader, This week a new champion emerges and enters the winners circle. Congratulations to Oleg Skulkin who grabbed a win this week with his testing! Make sure to come back tomorrow to see next weeks’ challenge for your chance at $100! The Challenge: We’ve tested what happens for copies to NTFS drives. Now let’s change […]
Hello Reader, Tonight I’m back in my home lab with access to all my handy testing VMs! I decided to start up a series of tests on the Application Compatibility Cache artifacts (including Shimcache and Amcache amongst others to be tested). The tests have already shown more than I expected and here is what we learned tonight: Extracting an […]
Hello Reader, Tonight I’m back in my home lab with access to all my handy testing VMs! I decided to start up a series of tests on the Application Compatibility Cache artifacts (including Shimcache and Amcache amongst others to be tested). The tests have already shown more than I expected and here is what we learned tonight: Extracting an […]
Hello Reader, Now that Magnet has announced that this years Magnet User Summit will be April 2-3, 2019 in Nashville, TN I can announce that we will be doing two things there. First you can find out more about MUS here https://www.magnetusersummit.com/ 1. Matt and I will be doing a live Forensic Lunch broadcast from […]
Hello Reader, Now that Magnet has announced that this years Magnet User Summit will be April 2-3, 2019 in Nashville, TN I can announce that we will be doing two things there. First you can find out more about MUS here https://www.magnetusersummit.com/ 1. Matt and I will be doing a live Forensic Lunch broadcast from […]
Hello Reader, Tonight I did a bit of an experimental stream. I loaded the current first chapter draft of the new book and its proposed outline and talked through with those watching what I was planning to do. Thanks to Hooligan Goto for helping me out as I tried to figure out what my outline was […]
Hello Reader, Tonight I did a bit of an experimental stream. I loaded the current first chapter draft of the new book and its proposed outline and talked through with those watching what I was planning to do. Thanks to Hooligan Goto for helping me out as I tried to figure out what my outline was […]
Hello Reader, The test kitchen has returned! Tonight we looked at the new USB artifacts described in yesterdays post http://www.hecfblog.com/2018/11/daily-blog-536-usb-30-external-storage.html and look to see how USB Detective handles the new driver. Here is what we learned: The DeviceContainers key is the place that glues together the disparate keys you need for a storage device to figure out its properties The […]
Hello Reader, The test kitchen has returned! Tonight we looked at the new USB artifacts described in yesterdays post http://www.hecfblog.com/2018/11/daily-blog-536-usb-30-external-storage.html and look to see how USB Detective handles the new driver. Here is what we learned: The DeviceContainers key is the place that glues together the disparate keys you need for a storage device to figure out its properties The […]
Hello Reader, Everything changes and we can never rest when it comes to testing and validating our forensic artifacts. This time the change has come to large external storage drives, such as the Seagate USB 3.0 drive I have next to me. If you’ve been doing USB forensics lately you may have noticed a conspicuous […]
Hello Reader, Everything changes and we can never rest when it comes to testing and validating our forensic artifacts. This time the change has come to large external storage drives, such as the Seagate USB 3.0 drive I have next to me. If you’ve been doing USB forensics lately you may have noticed a conspicuous […]
Hello Reader, Another week for you to succeed! Every week the amount of submissions I get changes greatly so don’t think that you can’t win. You just have to submit what you think is your best submission and see what happens. This week we will continue or focus on validating time stamps. The Prize:$100 Amazon GiftcardThe […]
Hello Reader, Another week for you to succeed! Every week the amount of submissions I get changes greatly so don’t think that you can’t win. You just have to submit what you think is your best submission and see what happens. This week we will continue or focus on validating time stamps. The Prize:$100 Amazon GiftcardThe […]
Hello Reader, Another week and another round of quality submissions. Once again Sandor Tokesi has taken a win by including not just all of the file name and standard information attribute timestamps, he also tested cut and paste within a volume and between volumes. In addition he also tested the move command which the is the command […]
Hello Reader, Another week and another round of quality submissions. Once again Sandor Tokesi has taken a win by including not just all of the file name and standard information attribute timestamps, he also tested cut and paste within a volume and between volumes. In addition he also tested the move command which the is the command […]
Hello Reader, I’m back in the United States for awhile and with that should signal a return of the test kitchen in coming nights. Until then I thought I post my current planned outline for the new book to be named Windows Forensics: DFIR InDepth. What I’m looking for at this point is your feedback on what else […]
Hello Reader, I’m back in the United States for awhile and with that should signal a return of the test kitchen in coming nights. Until then I thought I post my current planned outline for the new book to be named Windows Forensics: DFIR InDepth. What I’m looking for at this point is your feedback on what else […]
Hello Reader,I’m sitting on another long flight heading back to Texas from dubai. Thanks and gratitude for all of my students this week who asked great questions and opened new research points I need to flush out in future testing. I thought since I don’t know if this flight will have wifi I would write down why I’m going to […]
Hello Reader,I’m sitting on another long flight heading back to Texas from dubai. Thanks and gratitude for all of my students this week who asked great questions and opened new research points I need to flush out in future testing. I thought since I don’t know if this flight will have wifi I would write down why I’m going to […]
