Hacking Exposed Computer Forensics Blog

Daily Blog #468: Jessica Hyde on Rally Security

David Cowen August 30, 2018

Hello Reader, If you want to understand how people outside of our DFIR space see and understand us, even with a technical infosec b...

Daily Blog #468: Jessica Hyde on Rally Security Reviewed by David Cowen on August 30, 2018 Rating: 5

Daily Blog directories objectid test kitchen windows 7

Daily Blog #467: Forensic Lunch Test Kitchen 8/29/18

David Cowen August 29, 2018

Hello Reader, I've had a string of test kitchens this week all revolving around ObjectIDs. Today I extend and test Ken Pryor&...

Daily Blog #467: Forensic Lunch Test Kitchen 8/29/18

Reviewed by David Cowen on August 29, 2018 Rating: 5

chrome Daily Blog download firefox objectid windows 10 windows 7

Daily Blog #466: Forensic Lunch Test Kitchen 8/28/18

David Cowen August 28, 2018

Hello Reader, Another Test Kitchen has been recorded. If you want to catch these live I can't promise any particular broad...

Daily Blog #466: Forensic Lunch Test Kitchen 8/28/18

Reviewed by David Cowen on August 28, 2018 Rating: 5

Daily Blog london SANS

Daily Blog #465: Coming to London

David Cowen August 27, 2018

Hello Reader, In the UK or Europe? In three weeks on September 17, 2018 I'll be teaching SANS FOR500 Windows Forensics with Le...

Daily Blog #465: Coming to London Reviewed by David Cowen on August 27, 2018 Rating: 5

Daily Blog objectid sunday funday

Daily Blog #464: Sunday Funday 8/26/18

David Cowen August 26, 2018

Hello Reader, I've been looking into ObjectIDs quite a bit lately so why not open up the fun to all of you and let's see what ...

Daily Blog #464: Sunday Funday 8/26/18 Reviewed by David Cowen on August 26, 2018 Rating: 5

Daily Blog #463: Solution Saturday 8/25/18

David Cowen August 26, 2018

Hello Reader, This weeks submissions missed the mark, I got some submissions about lnk file security vulnerabilities but none addres...

Daily Blog #463: Solution Saturday 8/25/18 Reviewed by David Cowen on August 26, 2018 Rating: 5

Daily Blog objectid windows 10

Daily Blog #462: ObjectIDs and intrusion triage

David Cowen August 25, 2018

Hello Reader, I was thinking more about yesterdays test kitchen in regards to ObjectID creation on Windows 10. To summarize the p...

Daily Blog #462: ObjectIDs and intrusion triage Reviewed by David Cowen on August 25, 2018 Rating: 5

Daily Blog objectid test kitchen windows 10 windows 7

Daily Blog #461: Forensic Lunch Test Kitchen 8/23/18

David Cowen August 24, 2018

Hello Reader, Another day, another Test Kitchen! Sometimes it's easier just to stream out to Youtube a test rather tha...

Daily Blog #461: Forensic Lunch Test Kitchen 8/23/18

Reviewed by David Cowen on August 24, 2018 Rating: 5

Daily Blog jump lists windows 7

Daily Blog #460: Test Kitchen 8/22/18

David Cowen August 22, 2018

Hello Reader, If you were a subscriber to my YouTube channel you would have seen a notification that I was live tonight. Toni...

Daily Blog #460: Test Kitchen 8/22/18

Reviewed by David Cowen on August 22, 2018 Rating: 5

Daily Blog evalexperience vmug vmware

Daily Blog #459: Building a testing lab on a budget

David Cowen August 21, 2018

Hello Reader, I know many of you have work or home labs where you do test things, research things and overall use different virtual...

Daily Blog #459: Building a testing lab on a budget Reviewed by David Cowen on August 21, 2018 Rating: 5

Daily Blog objectid

Daily Blog #458: Object IDs

David Cowen August 20, 2018

Hello Reader, In Hideaki Ihara's blog post on the port139 blog , he talks about a subsystem that has been around for quite so...

Daily Blog #458: Object IDs Reviewed by David Cowen on August 20, 2018 Rating: 5

Daily Blog shell items sunday funday

Daily Blog #457: Sunday Funday 8/19/18

David Cowen August 19, 2018

Hello Reader, Microsoft is also introducing subtle changes in Windows, sometimes they were always there but we just didn't notice. Let...

Daily Blog #457: Sunday Funday 8/19/18 Reviewed by David Cowen on August 19, 2018 Rating: 5

Daily Blog #456: Solution Saturday 8/16/18

David Cowen August 18, 2018

Hello Reader, This week Lodrina Cherne swooped in with some interesting research that went way beyond URL history. I think what...

Daily Blog #456: Solution Saturday 8/16/18

Reviewed by David Cowen on August 18, 2018 Rating: 5

ctf Daily Blog

Daily Blog #455: Perfect Score in the Defcon DFIR CTF

David Cowen August 18, 2018

Hello Reader, This post serves to congratulate @gh0stp0p on achieving the first perfect score in the Defcon DFIR CTF! She has not ...

Daily Blog #455: Perfect Score in the Defcon DFIR CTF Reviewed by David Cowen on August 18, 2018 Rating: 5

Daily Blog notifications sqlite write head

Daily Blog #454: SQLite Write Ahead Logs and Python

David Cowen August 16, 2018

Hello Reader, If you haven't already done so check out this blog post from Malware Maloney: https://malwaremaloney.blogspo...

Daily Blog #454: SQLite Write Ahead Logs and Python Reviewed by David Cowen on August 16, 2018 Rating: 5

ctf Daily Blog defcon

Daily Blog #453: Winners of the Unofficial Defcon DFIR CTF

David Cowen August 15, 2018

Hello Reader, I realized that while I posted this on twitter I did not share this on the blog which is the more permanent record o...

Daily Blog #453: Winners of the Unofficial Defcon DFIR CTF

Reviewed by David Cowen on August 15, 2018 Rating: 5

Daily Blog.#452 Dealing with deleted shadow copies

David Cowen August 14, 2018

Hello Reader, For those of you who use libvshadow you may have noticed that it shows deleted shadow copies but does not differentia...

Daily Blog.#452 Dealing with deleted shadow copies Reviewed by David Cowen on August 14, 2018 Rating: 5

ctf Daily Blog defcon

Daily Blog #451: Defcon DFIR CTF 2018 Open to the Public

David Cowen August 13, 2018

Hello Reader, This year at Defcon we made things interesting with a challenge that involves making your way through 3 images t...

Daily Blog #451: Defcon DFIR CTF 2018 Open to the Public Reviewed by David Cowen on August 13, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #450: Sunday Funday 8/12/18

David Cowen August 12, 2018

Hello Reader, Defcon is over and with it our CTF. For this weeks challenge lets look at some browser forensics artifacts that could be hel...

Daily Blog #450: Sunday Funday 8/12/18 Reviewed by David Cowen on August 12, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #449: Solution Saturday

David Cowen August 11, 2018

Hello Reader, Another week , another winning answer by Adam Harrison! The CTF is ending in an hour and I look forward to seeing how this a...

Daily Blog #449: Solution Saturday Reviewed by David Cowen on August 11, 2018 Rating: 5

Daily Blog #448: Defcon DFIR CTF update

David Cowen August 11, 2018

Hello Reader, Another late post after a long day in Vegas. We launched the ctf today and already have a fight for the top 3 spots. A...

Daily Blog #448: Defcon DFIR CTF update Reviewed by David Cowen on August 11, 2018 Rating: 5

Daily Blog #447 Defcon 2018 Forensic CTF

David Cowen August 10, 2018

Hello Reader, Just a reminder that the ctf starts tomorrow afternoon. If you are in Vegas and have not signed up yet here is the link: ht...

Daily Blog #447 Defcon 2018 Forensic CTF Reviewed by David Cowen on August 10, 2018 Rating: 5

Daily Blog #446: Sparse image blues

David Cowen August 09, 2018

Hello Reader, A quick one before I fall asleep after a long day of ctf prep and Vegas fun. If you are using the fresponse imager to c...

Daily Blog #446: Sparse image blues Reviewed by David Cowen on August 09, 2018 Rating: 5

Daily Blog f-response

Daily Blog #445: F-Response and the Cloud

David Cowen August 08, 2018

Hello Reader, Today I'm sharing a lesson I learned from acquiring systems in the cloud from another cloud hosted system in ...

Daily Blog #445: F-Response and the Cloud Reviewed by David Cowen on August 08, 2018 Rating: 5

antiforensics Daily Blog sunday funday

Daily Blog #444: Sunday Funday 8/5/18

David Cowen August 05, 2018

Hello Reader, Thank you for all of the responses in the blog comments, on twitter and on LinkedIn to my question regarding Anti...

Daily Blog #444: Sunday Funday 8/5/18 Reviewed by David Cowen on August 05, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #443: Solution Saturday 8/4/18

David Cowen August 04, 2018

Hello Reader, Another week where Adam Harrison has again dominated the entries. For those of you thinking about trying out next...

Daily Blog #443: Solution Saturday 8/4/18 Reviewed by David Cowen on August 04, 2018 Rating: 5

antiforensics Daily Blog

Daily Blog #442: Anti Forensic Tools in the wild

David Cowen August 03, 2018

Hello Reader, Today I have a question for you. In my work I've encountered tools that my suspects have used to clean or wipe th...

Daily Blog #442: Anti Forensic Tools in the wild Reviewed by David Cowen on August 03, 2018 Rating: 5

Daily Blog windows 10

Daily Blog #441: Changes in Windows 10

David Cowen August 02, 2018

Hello Reader, One of the problems we are having recently in Windows 10 forensics is that what would previously be identified wi...

Daily Blog #441: Changes in Windows 10 Reviewed by David Cowen on August 02, 2018 Rating: 5

Daily Blog notifications windows 10

Daily Blog #440: Windows 10 Notifications Database

David Cowen August 01, 2018

Hello Reader, I had stopped thinking about the Windows 10 notifications database since I last saw Yogesh Kahtri blog post about it ...

Daily Blog #440: Windows 10 Notifications Database

Reviewed by David Cowen on August 01, 2018 Rating: 5

Top Ad unit 728 × 90

Latest News

Daily Blog #468: Jessica Hyde on Rally Security

Daily Blog #467: Forensic Lunch Test Kitchen 8/29/18

Daily Blog #466: Forensic Lunch Test Kitchen 8/28/18

Daily Blog #465: Coming to London

Daily Blog #464: Sunday Funday 8/26/18

Daily Blog #463: Solution Saturday 8/25/18

Daily Blog #462: ObjectIDs and intrusion triage

Daily Blog #461: Forensic Lunch Test Kitchen 8/23/18

Daily Blog #460: Test Kitchen 8/22/18

Daily Blog #459: Building a testing lab on a budget

Daily Blog #458: Object IDs

Daily Blog #457: Sunday Funday 8/19/18

Daily Blog #456: Solution Saturday 8/16/18

Daily Blog #455: Perfect Score in the Defcon DFIR CTF

Daily Blog #454: SQLite Write Ahead Logs and Python

Daily Blog #453: Winners of the Unofficial Defcon DFIR CTF

Daily Blog.#452 Dealing with deleted shadow copies

Daily Blog #451: Defcon DFIR CTF 2018 Open to the Public

Daily Blog #450: Sunday Funday 8/12/18

Daily Blog #449: Solution Saturday

Daily Blog #448: Defcon DFIR CTF update

Daily Blog #447 Defcon 2018 Forensic CTF

Daily Blog #446: Sparse image blues

Daily Blog #445: F-Response and the Cloud

Daily Blog #444: Sunday Funday 8/5/18

Daily Blog #443: Solution Saturday 8/4/18

Daily Blog #442: Anti Forensic Tools in the wild

Daily Blog #441: Changes in Windows 10

Daily Blog #440: Windows 10 Notifications Database

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form

Top Ad unit 728 × 90

Latest News

Social Counter

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form