May 22, 2018
This week I talk about Linux triage using the /.bash_history artifact
May 15, 2018
This week I review two tools for extracting and parsing USNJRNL evidence.
May 8, 2018
This week I talk about a clever way to leverage Volatility to triage malware on a target system
May 1, 2018
This week I talk about 6 different prefetch tools that are FREE!
Apr 24, 2018
This week I talk about keeping up with attack intelligence.
Apr 17, 2018
This week I do a tool review of CyLR and CDQR - perhaps the easiest way to build an awesome timeline
Apr 10, 2018
This week I talk about how common ports play into network forensics.
Apr 3, 2018
This week I go over some Network Forensic artifacts and what they offer to an investigation.
Mar 27, 2018
This week I review two freely available forensic tools from Foxton Forensics
Mar 20, 2018
This week I talk about OLEDump, a malware analysis tool for investigating suspicious macros in MS Office documents
Mar 13, 2018
This week I talk about Cutter, a static malware analysis tool by Radare
Feb 27, 2018
This week I go over an easy way to get set up to start using crypto-currency for testing, validation, and self-training purposes
Feb 20, 2018
This week I interview an industry expert about mobile device JTAG and ISP forensics.
Feb 13, 2018
This week I talk about the userassist artifact for file use and knowledge investigations.
Feb 6, 2018
This week I talk about resolving USB usage back to specific systems and user accounts.
Jan 30, 2018
This week I talk about Windows Explorer evidence.
Jan 23, 2018
This week I talk about Windows Shellbags.
Jan 16, 2018
This week I continue the back to basics series with a talk on the Windows Shimcache.
Jan 9, 2018
This week it's a refresher on the Windows Prefetch, a core Microsoft artifact every examiner should know.
Jan 2, 2018
This week I kick off a revisit of the fundamentals helpful to all new examiners.
Dec 26, 2017
This week I go over some "go to" Windows Event Logs.
Dec 19, 2017
This week I talk about Mac Logs, namely the new Unified Logging in OS X and how this impacts forensic exams.
Dec 12, 2017
This week I talk about the "built-in" eDiscovery tools for Office 365
Dec 5, 2017
This week I break down the different variations of the "malware analyst." Do you qualify as one?
Nov 28, 2017
This week I talk about the Volatility plug-ins for Autopsy that allow you to do memory forensics in the Autopsy forensic console.