Surviving Internet Crimes

The FBI’s Internet Crime Complaint Center (IC3) recently published their 2017 Internet Crime […]

Metrics That Matter

I’m frequently asked what metrics a security program should be collecting. The […]


It is always better to be forthcoming and proactive with breach notifications. […]


What’s in a name? That which we call a profile By any […]

On Espionage

I recently read an article that included the following quote: “During Chinese […]


Named Key cells are the data structures within the Registry that hold […]


The contents of Registry files are saved in Hive Bins. The previously […]


Every Registry file starts with a 4,096 byte header block. The first 512 […]

Registry Overview

The first step to forensic analysis of the Registry is knowing where […]


There are a plethora of keys in the Registry dedicated to telling […]


Plist files are found sprinkled throughout OS X and iOS and contain the various configuration settings and other information of use to the OS and applications.


I’m not sure how I missed it when it came out in […]

RAW Images

Many digital cameras will compress their images into JPEG files, making them […]

NTFS Fix-Ups

I was asked what this Fix-up thing was that I mentioned in […]

$I30 INDX Parsing

I needed to walk a directory index for another script I was […]

MFT Parsing

So, I was having lunch with my good friend Mike. Great guy. […]


This is an EnCase EnScript I wrote a few years back. The […]