Friday, September 20, 2013

Daily Blog #89: Forensic Lunch 9/20/13

Hello Reader,
We have another great Forensic Lunch for you. Thanks to all of you who watched live with us! I hope you can join us for the next live broadcast so you can get your questions in. This week we had:
  • Suzanne Widup with Verizon DBIR talking about VCDB
  • Jonathan Tomczak with TZWorks talking about new developments in tracking LNK files, jump lists and shellbags with MFT reference numbers back to the files they reference, with GENA and other tools
  • Blazer Catzen with Catzen Forensics talking about more HTML5 offline content research, LinkedIn iOS message recovery, comparing tools for parsing iOS backups, and tool testing
  • Matt and myself talking about HFS+ Journaling, rewriting the current NTFS Journal parser and other topics
Links for this week:
For the VCDB, you can get an overview here:
http://public.tableausoftware.com/views/vcdb/Overview for VCDB.
The VCDB Github is located here:
https://github.com/vz-risk/VCDB
And the currently open issues are here:
https://github.com/vz-risk/VCDB/issues?state=open

You can visit TZWorks here:
https://www.tzworks.net/

And get the tools shown today here:
LNK Parser: https://www.tzworks.net/prototype_page.php?proto_id=11
Jump list parser: https://www.tzworks.net/prototype_page.php?proto_id=20
Shellbag parser: https://www.tzworks.net/prototype_page.php?proto_id=14
GENA here: https://www.tzworks.net/prototype_page.php?proto_id=28

I hope you like it. If you want to be on the Forensic Lunch, just send me an email at dcowen@g-cpartners.com; we are always looking for new people to come and share with us.