Forensic Artifacts
Shellbags Forensics: Addressing a Misconception
(interpretation, step-by-step testing, new findings, & more)
UserAssist Forensics
(timelines, interpretation, testing, & more)
Jump List Forensics: AppIDs Part 1
Jump List Forensics: AppIDs Part 2
Jump List Forensics: AppID Master List (400+ AppIDs)
Forensics Quickies
Identifying an Unknown GUID with Shellbags Explorer, Detailing Shell Item Extension Block 0xbeef0026, & Creative Cloud GUID Behavior
Methodology for Identifying Linux ext4 Timestamp Values in debugfs `stat` Command
Methodology for Identifying "Clear Recent History" Settings for an Old Version of Firefox
Accessing & Copying Volume Shadow Copy Contents From Live Remote Systems
PowerShell Versions and the Registry
NTUSER.DAT Analysis (SANS CEIC 2015 Challenge #1 Write-Up)
Merging VMDKs & Delta/Snapshot Files (2 Solutions)
Verifying Program Behavior Using Source Code
PDF Metadata Forensics (Sunday Funday Answer)
Pinpointing Recent File Activity - RecentDocs
Mounting Split .vmdk
Extracting Unallocated Space with The Sleuth Kit
Recovering Deleted Files with Scalpel (.CR2 Photos)