Tuesday, December 16, 2014

SANS Webcast and PFIC Slides/Labs

Hello Reader,
        If you attended my session at PFIC hopefully you already took these labs with you, if not I'll be linking them down below. For those of who attended my SANS webcast today I hope you found it useful! Now you can try it yourself.

If you didn't attend either I'll explain what's contained within. I presented on how to do USN Journal Analysis using the free version of our tool Triforce ANJP to:
  • Recover the names of wiped files
  • Prove what was uploaded and downloaded from Dropbox
  • Show what attachments were accessed from Outlook 2007 and greater
and more analysis tips. Hopefully you'll find it helpful!

Link to SANS webcast:

First here are the slides from today's webcast:

Link to download the sample evidence to do the labs from today's webcast:

Download Triforce ANJP here:

Forensic Lunch 12/12/14 - Shellbags continued

Hello Reader,
     Eric Zimmerman returned this week to join us on the Forensic Lunch talking about his research into Shellbags and his tool Shellbag Explorer. Also this week Lee Whitefield joined us to talk about the Sony breach and Matthew and I previewed the tools coming out of our lab here at G-C Partners, LLC.

Give it a watch below: