Gesamtlänge aller Episoden: 6 days 5 minutes
In the last episode I talked about PW psychology, an important part of operationalizing any PW cracking tool effectively. Face it, the math is against you so understanding a person’s probable PW patterns is important. In this episode we will...
The next mini series will focus on open source password attack tools. There are some pay options out there, however, most IR teams do not have a need for it and disk forensic teams use if infrequently. Despite this many labs want the capability...
The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware\ IR investigations, time stomping concerns and anti-forensics activities (i.e. wiping) as well as an...
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics...
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executable on a system, making it a great source of digital evidence for both disk forensics...
In this episode I cover something I have been intending to do for some time: a Windows 10 artifacts overview. Here, I explore some key artifacts changes and what has stayed the same. Once I got into it I found there was a lot to talk about so, to...
In this episode I cover something I have been intending to do for some time: a Windows 10 artifacts overview. Here, I explore some key artifacts changes and what has stayed the same. Once I got into it I found there was a lot to talk about so, to...
This episode I talk Just-Metadata, a freely available tool that gathers data about IP addresses from publicly available resources. Check out to learn more. I put together my quick start notes (below) for anyone interested in getting...
This episode I talk Just-Metadata, a freely available tool that gathers data about IP addresses from publicly available resources. Check out to learn more. I put together my quick start notes (below) for anyone interested in getting...
This episode I talk about PALADIN from SUMURI. PALADIN is a modified “live” Linux distribution based on Ubuntu that simplifies various forensics tasks in a forensically sound manner via the PALADIN Toolbox and used by...