binaryforay.blogspot.com

4n6k.com

4n6k: Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically

http://www.4n6k.com/2014/08/forensic-foss-4n6kvolatilityinstallersh.html

Tuesday, August 26, 2014. Forensic FOSS: 4n6k volatility installer.sh - Install Volatility For Linux Automatically. These posts will consist of open source software for use in everyday forensic investigations. Of this project by @wzod. 4n6k volatility installer.sh. Is a bash script that installs Volatility 2.4 (and all dependencies) for Ubuntu Linux with one command. Why Do I Need It? An internet connection and an APT-based Linux distribution [for the time being]. This script has been tested on stock...

4n6k.com

4n6k: September 2011

http://www.4n6k.com/2011_09_01_archive.html

Wednesday, September 28, 2011. Forensics Quickie: Mounting Split .vmdk. These posts will consist of small tidbits of useful information that can be explained very succinctly. You're tasked with examining a VMware virtual disk. On your way to acquire the .vmdk file, you notice that there's not one, but several .vmdk files. A split VM! You know FTK Imager supports mounting .vmdk, so you go ahead and attempt to mount it. But.it only accepts one .vmdk file! For spurring this topic. Links to this post. Jump L...

4n6k.com

4n6k: May 2013

http://www.4n6k.com/2013_05_01_archive.html

Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it a ll,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...

4n6k.com

4n6k: About

http://www.4n6k.com/p/about.html

TL;DR: I enjoy doing research and writing about it. More details on LinkedIn. I've taken up the task of learning as much as possible about digital forensics on my own time. My particular focus and interest lie within behavioral analysis of user activity/malware artifacts. Discovering the process by which a user interacts with a computer could be a key determinant in the prosecution or defense of a guilty or innocent individual - I'd say that's a pretty big deal, wouldn't you? Add me on LinkedIn. Registry...

4n6k.com

4n6k: Posts

http://www.4n6k.com/p/forensic-posts.html

Shellbags Forensics: Addressing a Misconception. Interpretation, step-by-step testing, new findings, and more). Timelines, interpretation, testing, and more). Jump List Forensics: AppIDs Part 1. Jump List Forensics: AppIDs Part 2. Jump List Forensics: AppID Master List (400 AppIDs). Forensics Quickie: PowerShell Versions and the Registry. Forensics Quickie: NTUSER.DAT Analysis (SANS CEIC 2015 Challenge #1 Write-Up). Forensics Quickie: Merging VMDKs and Delta/Snapshot Files (2 Solutions). Possible Unknown...

4n6k.com

4n6k: January 2012

http://www.4n6k.com/2012_01_01_archive.html

Sunday, January 8, 2012. Forensics Quickie: Recovering Deleted Files With Scalpel (.CR2 Photos). These posts will consist of small tidbits of useful information that can be explained very succinctly. SD card was accidentally formatted; RAW photos in .cr2 format from a Canon Rebel T3 needed to be recovered. Boot up a Linux VM (I chose Ubuntu) and install Scalpel with:. Sudo apt-get install scalpel. Check to see if the required filetype signature is supported by Scalpel by default :. Links to this post.

hecfblog.com

Hacking Exposed Computer Forensics Blog: March 2015

http://www.hecfblog.com/2015_03_01_archive.html

Expert Witness and Expert Consulting Services. Digital Litigation Support Services. Be our friend on facebook. To visit and become a fan and get updates to new projects and share links with other readers. Sunday, March 22, 2015. Automating DFIR - How to series on programming libtsk with python Part 11. Github repository is here: https:/ github.com/dlcowen/dfirwizard. Now before we continue a reminder, don't start on this post! Part 1 - Accessing an image and printing the partition table. In this post we ...

4n6k.com

4n6k: UserAssist Forensics (timelines, interpretation, testing, & more)

http://www.4n6k.com/2013/05/userassist-forensics-timelines.html

Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it a ll,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...

easymetadata.com

Links – EasyMetaData

http://www.easymetadata.com/links

Powerful access to data. Forensic & DFIR Resources. 45; Forensic & DFIR Resources. 45; RRTX Blog! Binary foray Blog - Home of ShellBag Explorer Registry Explorer. Computer Forensics at Champlain College Blog. Hacking Exposed Computer Forensics Blog by David Cowen. Http:/ cheeky4n6monkey.blogspot.com/. Https:/ davidkoepi.wordpress.com/. Nibble on dav nads. The Forensic Lunch - Learn Forensics with David Cowen (video podcast). Computer Forensics - Software. Nibble on dav nads. SIFT Workstation by SANS.

blog.4n6ir.com

4n6ir: February 2016

http://blog.4n6ir.com/2016_02_01_archive.html

Monday, February 29, 2016. Building Python Packages, By a Novice. I am excited to see that Evolve has been getting some use by more and more people. It has gained enough use and attention to even get the attention of SANS. They want to include Evolve in their SIFT workstation. Build This is by no means an endorsement by SANS, but it means a lot to an open source developer to know that their tools are being used and helpful. Creating the setup.py file to start it all off. Http:/ blog.codekills.net...This ...