Hacking Exposed Computer Forensics Blog

Daily Blog #439: Jumplist maximum storage

David Cowen July 31, 2018

Hello Reader, There is some interesting testing going on with shell item storage. The quirks of lnk files naming and storage by ...

Daily Blog #439: Jumplist maximum storage Reviewed by David Cowen on July 31, 2018 Rating: 5

Daily Blog validation

Daily Blog #438: Validating the Windows 10 Copy Paste artifact

David Cowen July 30, 2018

Hello Reader, If you don't read the port139 blog, you should! On the most recent post the port139 blog, translated from Japan...

Daily Blog #438: Validating the Windows 10 Copy Paste artifact Reviewed by David Cowen on July 30, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #437: Sunday Funday 7/29/18

David Cowen July 29, 2018

Hello Reader, Another week, another challenge. If you are reading this don't feel your answer needs to perfect to submit. Y...

Daily Blog #437: Sunday Funday 7/29/18 Reviewed by David Cowen on July 29, 2018 Rating: 5

sunday funday timezone

Daily Blog #436: Solution Saturday 7/28/18

David Cowen July 29, 2018

Hello Reader, Jet Lag got me and I fell asleep before posting this earlier, but I'll take advantage of this random wake u...

Daily Blog #436: Solution Saturday 7/28/18 Reviewed by David Cowen on July 29, 2018 Rating: 5

bitlocker ctf Daily Blog defcon forensic lunch

Daily Blog #435: Forensic Lunch 7/27/18

David Cowen July 27, 2018

Hello Reader, Greetings from my flight from Abu Dhabi to Dallas, Texas. We had a Forensic Lunch today with just Matt and I talk...

Daily Blog #435: Forensic Lunch 7/27/18 Reviewed by David Cowen on July 27, 2018 Rating: 5

bitlocker Daily Blog

Daily Blog #434: Bitlocker Experiments Part 5

David Cowen July 26, 2018

Hello Reader, As I was looking at the FVE metadata header and decoding the output I realized two things. 1. There is more h...

Daily Blog #434: Bitlocker Experiments Part 5 Reviewed by David Cowen on July 26, 2018 Rating: 5

bitlocker Daily Blog

Daily Blog #433: Bitlocker Experiments Part 4

David Cowen July 25, 2018

Hello Reader, I've now extracted the FVE Metadata block from a vhd encrypted with bitlocker while bitlocker is active a...

Daily Blog #433: Bitlocker Experiments Part 4

Reviewed by David Cowen on July 25, 2018 Rating: 5

bitlocker Daily Blog

Daily Blog #432: Bitlocker Experiments Part 3

David Cowen July 24, 2018

Hello Reader, I was reading the libbde specification again and noticed I was missing something in the screenshots I posted...

Daily Blog #432: Bitlocker Experiments Part 3

Reviewed by David Cowen on July 24, 2018 Rating: 5

bitlocker Daily Blog

Daily Blog #431: Bitlocker Experiments Part 2

David Cowen July 23, 2018

Hello Reader, I'm continuing my Bitlocker experiments while here in Abu Dhabi until I return home this weekend to do more...

Daily Blog #431: Bitlocker Experiments Part 2

Reviewed by David Cowen on July 23, 2018 Rating: 5

Daily Blog sunday funday timezone

Daily Blog #430: Sunday Funday 7/22/18

David Cowen July 22, 2018

Hello Reader, Another week already? Time for another challenge to keep your wheels turning and your research skills sharp. Th...

Daily Blog #430: Sunday Funday 7/22/18 Reviewed by David Cowen on July 22, 2018 Rating: 5

cortana Daily Blog sunday funday

Daily Blog #429: Solution Saturday 7/21/18

David Cowen July 21, 2018

Hello Reader, Another week, another challenge. It came down to the wire, that I extended, but we have an answer and a winner. ...

Daily Blog #429: Solution Saturday 7/21/18 Reviewed by David Cowen on July 21, 2018 Rating: 5

arman gungor Daily Blog extended mapi forensic lunch metaspike

Daily Blog #428: Forensic Lunch 7/20/18

David Cowen July 20, 2018

Hello Reader, We had a great Forensic Lunch today with our guest Arman Gungor (@armangungor) from metaspike.com , talking abou...

Daily Blog #428: Forensic Lunch 7/20/18

Reviewed by David Cowen on July 20, 2018 Rating: 5

bitlocker Daily Blog

Daily Blog #427: Bitlocker Experiments Part 1

David Cowen July 20, 2018

Hello Reader, In a prior Sunday Funday regarding Bitlocker drives and Windows upgrades I extended my ask a bit too far in what I...

Daily Blog #427: Bitlocker Experiments Part 1

Reviewed by David Cowen on July 20, 2018 Rating: 5

copy and paste Daily Blog directory jump lists

Daily Blog #426: Directory Copy and Paste Artifacts in Windows 10

David Cowen July 18, 2018

Hello Reader, I've talked about this in the Forensic Lunch and I think showed it once in a Test Kitchen but I don't ...

Daily Blog #426: Directory Copy and Paste Artifacts in Windows 10 Reviewed by David Cowen on July 18, 2018 Rating: 5

Daily Blog how i use it user assist

Daily Blog #425: How I Use It: Userassist

David Cowen July 18, 2018

Hello Reader, I'm currently teaching in Abu Dhabi and hanging out with my family at night which means I'm not investi...

Daily Blog #425: How I Use It: Userassist Reviewed by David Cowen on July 18, 2018 Rating: 5

computername Daily Blog how does it work

Daily Blog #424: The registry key so nice they named it twice, computername computername

David Cowen July 17, 2018

Hello Reader, I enjoy teaching forensics as students always ask questions to make you figure out things you just take for g...

Daily Blog #424: The registry key so nice they named it twice, computername computername

Reviewed by David Cowen on July 17, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #423: Sunday Funday 7/15/18

David Cowen July 15, 2018

Hello Reader, Windows 10 keeps on changing and with it new features come along that we care about and old features we were excit...

Daily Blog #423: Sunday Funday 7/15/18 Reviewed by David Cowen on July 15, 2018 Rating: 5

office 365 sunday funday

Daily Blog #422 Solution Saturday 7/14/18

David Cowen July 15, 2018

Hello Reader, Things are always changing in forensics and especially forensic analysis of cloud hosted systems. This weeks challe...

Daily Blog #422 Solution Saturday 7/14/18 Reviewed by David Cowen on July 15, 2018 Rating: 5

Daily Blog office 365 unicorn

Daily Blog #421: Magical DFIR Beasts and where to find them

David Cowen July 13, 2018

Hello Reader, Good news, the Unicorn maybe dead but it turns out all of the issues that it raised is causing a major cha...

Daily Blog #421: Magical DFIR Beasts and where to find them Reviewed by David Cowen on July 13, 2018 Rating: 5

ctf Daily Blog defcon

Daily Blog #420: 2018 Unofficial Defcon CTF Update

David Cowen July 12, 2018

Hello Reader, In the first 24 hours we've already had 39 signups for the CTF, last year we had 125 and I've expanded th...

Daily Blog #420: 2018 Unofficial Defcon CTF Update Reviewed by David Cowen on July 12, 2018 Rating: 5

ctf Daily Blog defcon

Daily Blog #419: Unofficial Defcon DFIR CTF 2018

David Cowen July 10, 2018

Hello Reader, Matt and I are working on creating the evidence you will be examining for next months Unofficial Defcon DFIR CTF...

Daily Blog #419: Unofficial Defcon DFIR CTF 2018 Reviewed by David Cowen on July 10, 2018 Rating: 5

Daily Blog extended mapi owa

Daily Blog #418: Exploring Extended MAPI part 19

David Cowen July 09, 2018

Hello Reader, Since my last test that showed that the Extended MAPI data wasn't be updated when I modified a message in OWA i...

Daily Blog #418: Exploring Extended MAPI part 19

Reviewed by David Cowen on July 09, 2018 Rating: 5

Top Ad unit 728 × 90

Latest News

Daily Blog #439: Jumplist maximum storage

Daily Blog #438: Validating the Windows 10 Copy Paste artifact

Daily Blog #437: Sunday Funday 7/29/18

Daily Blog #436: Solution Saturday 7/28/18

Daily Blog #435: Forensic Lunch 7/27/18

Daily Blog #434: Bitlocker Experiments Part 5

Daily Blog #433: Bitlocker Experiments Part 4

Daily Blog #432: Bitlocker Experiments Part 3

Daily Blog #431: Bitlocker Experiments Part 2

Daily Blog #430: Sunday Funday 7/22/18

Daily Blog #429: Solution Saturday 7/21/18

Daily Blog #428: Forensic Lunch 7/20/18

Daily Blog #427: Bitlocker Experiments Part 1

Daily Blog #426: Directory Copy and Paste Artifacts in Windows 10

Daily Blog #425: How I Use It: Userassist

Daily Blog #424: The registry key so nice they named it twice, computername computername

Daily Blog #423: Sunday Funday 7/15/18

Daily Blog #422 Solution Saturday 7/14/18

Daily Blog #421: Magical DFIR Beasts and where to find them

Daily Blog #420: 2018 Unofficial Defcon CTF Update

Daily Blog #419: Unofficial Defcon DFIR CTF 2018

Daily Blog #418: Exploring Extended MAPI part 19

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form

Top Ad unit 728 × 90

Latest News

Social Counter

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form