Surviving Internet Crimes
The FBI’s Internet Crime Complaint Center (IC3)recently published their 2017 Internet Crime […]
Category: Uncategorized
Metrics That Matter
I’m frequently asked what metrics a security program should be collecting. The […]
Transparency
It is always better to be forthcoming and proactive with breach notifications. […]
Profiles
What’s in a name? That which we call a profile By any […]
On Espionage
I recently read an article that included the following quote: “During Chinese […]
nk
Named Key cells are the data structures within the Registry that hold […]
hbin
The contents of Registry files are saved in Hive Bins. The previously […]
regf
Every Registry file starts with a 4,096 byte header block. The first 512 […]
Registry File Specification
After reviewing several other sources, notably from Morgan and Norris, I’ve decided that […]
Registry Overview
The first step to forensic analysis of the Registry is knowing where […]
Registry Internal Structure
Searching for information about the innards of the Registry returns a whole […]
MRU
There are a plethora of keys in the Registry dedicated to telling […]
Collection Scripts
For many years now I’ve tried to do all my live collection […]
Useful Windows Commands
These are useful command lines that are all based on built-in Windows […]
Utilities by the Thousands
As I was putting together the list of command line tools to […]
Command Line Happiness
There is no contesting that the command line in a Linux/Mac environment […]
Bulk Extract EXIF
I was asked not too long ago about how to extract metadata […]
Plists
Plist files are found sprinkled throughout OS X and iOS and contain the various configuration settings and other information of use to the OS and applications.
People still use Word macros!?!
I got an interesting email today. The headers: Received: from […]
Registry
I’m not sure how I missed it when it came out in […]
RAW Images
Many digital cameras will compress their images into JPEG files, making them […]
NTFS Fix-Ups
I was asked what this Fix-up thing was that I mentioned in […]
$I30 INDX Parsing
I needed to walk a directory index for another script I was […]
MFT Parsing
So, I was having lunch with my good friend Mike. Great guy. […]
Autoruns
This is an EnCase EnScript I wrote a few years back. The […]