easymetadata.com
Links – EasyMetaData
http://www.easymetadata.com/links
Powerful access to data. Forensic & DFIR Resources. RRTX Blog! Binary foray Blog - Home of ShellBag Explorer Registry Explorer. Computer Forensics at Champlain College Blog. Hacking Exposed Computer Forensics Blog by David Cowen. http://cheeky4n6monkey.blogspot.com/. https://davidkoepi.wordpress.com/. Nibble on dav nads. The Forensic Lunch - Learn Forensics with David Cowen (video podcast). Computer Forensics - Software. Nibble on dav nads. SIFT Workstation by SANS.
windowsir.blogspot.com
Windows Incident Response: Books
http://windowsir.blogspot.com/p/books.html
The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools". Windows Forensics and Incident Recovery. Windows Forensic Analysis ( 1/e. Perl Scripting for Windows Security.
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: Using SIFT to Crack a Windows (XP) Password from a Forensic Image
http://cheeky4n6monkey.blogspot.com/2011/12/using-sift-to-crack-windows-xp-password_27.html
The (Badly) Illustrated Musings of a Cheeky Forensics Monkey . Tuesday, 27 December 2011. Using SIFT to Crack a Windows (XP) Password from a Forensic Image. In the previous post, we focused on retrieving Windows login passwords from a memory dump using Volatility. But what happens if you don't have a memory dump / only have a forensic image of the hard drive? Well, Rob Lee. Has kindly provided the tools in the SANS SIFT. V212) workstation and Irongeek. And crack them using John The Ripper. 2 Type "samdum...
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: Detecting Spoofed Emails with SIFT's pffexport and some Perl scripting
http://cheeky4n6monkey.blogspot.com/2012/03/detecting-spoofed-emails-with-sifts.html
Thursday, 8 March 2012. Detecting Spoofed Emails with SIFT's pffexport and some Perl scripting. One likely issue facing today's forensicator is the sheer number of emails people keep in their Inboxes. These numbers can grow at a phenomenal rate especially if the user subscribes to multiple mailing lists. Unsure if was SANS. O) recently suggested using pffexport. For one of my previous posts dealing with email analysis. Like readpst. Under "us...
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: June 2014
http://cheeky4n6monkey.blogspot.com/2014_06_01_archive.html
Friday, 13 June 2014. Monkeying around with Windows Phone 8.0. Ah, the wonders of Windows Phone 8.0. Failing eyesight, Frustration and Squirrel chasing. Updated last section with deleted record observations from a Nokia Lumia 530. Device running Windows Phone 8.10. Special Thanks to Detective Cindy Murphy. Lieutenant Jennifer Krueger Favour. And the Madison Police Department ("Forensicate Like A Champion! Thanks to Maggie Gaffney. Later, we ...
windowsir.blogspot.com
Windows Incident Response: Ghost Busting
http://windowsir.blogspot.com/2015/07/ghost-busting.html
Monday, July 13, 2015. First, read Jack's post, Don't wait for an intrusion to find you. Okay, maybe not.but.
windowsir.blogspot.com
Windows Incident Response: RegRipper plugin update
http://windowsir.blogspot.com/2015/06/regripper-plugin-update.html
Thursday, June 11, 2015. I just pushed out an update to the appcompatcache.pl. So, what does this mean? Done That...
windowsir.blogspot.com
Windows Incident Response: June 2015
http://windowsir.blogspot.com/2015_06_01_archive.html
Tuesday, June 23, 2015. The Blue Team Myth. The 2015 M-Trends Report. The 2015 TrustWave Global Security Report.
windowsir.blogspot.com
Windows Incident Response: Links
http://windowsir.blogspot.com/2015/06/links.html
Sunday, June 07, 2015. If you haven't heard, the new SANS DFIR "Evidence of." poster. What's New in Windows 10.
windowsir.blogspot.com
Windows Incident Response: RegRipper Updates
http://windowsir.blogspot.com/2012/08/regripper-updates.html
Saturday, August 11, 2012. Such as this one describing the plugin architecture. Speaking of plugins, Hal Pomeranz.