Jan 17, 2018
This week I talk about a simple yet highly effective OSINT tool: theHarvester.
Jan 16, 2018
This week I continue the back-to-basics series with a talk on the Windows Shimcache.
Jan 9, 2018
This week it's a refresher on the Windows Prefetch, a core Microsoft artifact every examiner should know.
Jan 2, 2018
This week I kick off a revisit of the fundamentals helpful to all new examiners.
Dec 26, 2017
This week I go over some "go to" Windows Event Logs.
Dec 19, 2017
This week I talk about Mac Logs, namely the new Unified Logging in OS X and how this impacts forensic exams.
Dec 12, 2017
This week I talk about the "built-in" eDiscovery tools for Office 365.
Dec 5, 2017
This week I break down the different variations of the "malware analyst." Do you qualify as one?
Nov 28, 2017
This week I talk about the Volatility plug-ins for Autopsy that allow you to do memory forensics in the Autopsy forensic console.
Nov 21, 2017
This week I talk about the new file system released by Apple, APFS, and what it means for forensic examiners.
Nov 14, 2017
This week I talk about RTFM, the companion to the Blue Team Field Manual that's filled with over 1000 commands for Windows and Linux.
Nov 7, 2017
This week I talk about the Microsoft Evaluation Center, a resource Microsoft offers to obtain evaluation versions of operating systems and products.
Oct 31, 2017
This week I interview a DFIR practitioner about some of the little-known facts about a career in the industry.
Oct 24, 2017
This week I talk about the most popular artifacts to prove application execution.
Oct 17, 2017
This week I interview a DFIR professional about his decision to get a master's degree in cyber security.
Oct 10, 2017
This week I review a freely available Windows Live Response collection tool available from BriMor Labs.
Oct 3, 2017
This week I talk Stego: what it is and what challenges it presents to DFIR professionals.
Sep 26, 2017
This week I review Blue Team Field Manual, a reference guide for DFIR practitioners.
Sep 19, 2017
This week I talk about cree.py, an OSINT tool to profile social media accounts by geolocation.
Sep 12, 2017
This week I talk about how to make a forensic iPhone backup using iTunes and how to triage iPhone backup files using free forensic tools.
Sep 5, 2017
This week I go over OSX Collector, a freely available tool to collect and preprocess Mac artifacts for DFIR investigations.
Aug 29, 2017
This week I talk about 4 questions about your DFIR unit from an operations standpoint to identify holes and get a better sense of your investigative capabilities.
Aug 22, 2017
This week I talk about crypto currency 2.0 and feature DASH as the example.
Aug 15, 2017
This week I provide an overview of Bitcoin forensics for examiners new to these investigations.
Aug 8, 2017
This week I break down crypto currency concepts for new computer forensic examiners.