Hacking Exposed Computer Forensics Blog

Daily Blog #493: Sunday Funday 9/30/18

David Cowen September 30, 2018

Hello Reader, If you watched the forensic lunch test kitchen this week you would have seen I was using Sysmon to monitor registry ch...

Daily Blog #493: Sunday Funday 9/30/18 Reviewed by David Cowen on September 30, 2018 Rating: 5

Daily Blog solution saturday

Daily Blog #492: Solution Saturday 9/30/18

David Cowen September 30, 2018

Hello Reader, This week Phill Moore of thisweekin4n6 has clinched the win with a registry ripper plugin to expose and parse th...

Daily Blog #492: Solution Saturday 9/30/18 Reviewed by David Cowen on September 30, 2018 Rating: 5

Daily Blog objectid test kitchen videopost

Daily Blog #491: Test Kitchen 9/27/18 Sequential ObjectID Testing

David Cowen September 27, 2018

Hello Reader, We had a short broadcast this evening to test and show how the timestamps within the ObjectIDs were being set and i...

Daily Blog #491: Test Kitchen 9/27/18 Sequential ObjectID Testing

Reviewed by David Cowen on September 27, 2018 Rating: 5

Daily Blog enfuse

Daily Blog #490: The end of enfuse/ceic

David Cowen September 26, 2018

Hello Reader, Just in case your not on Twitter, there is confirmation that the conference by the company fornallf known as guidance softwa...

Daily Blog #490: The end of enfuse/ceic Reviewed by David Cowen on September 26, 2018 Rating: 5

Daily Blog hackthebox

Daily Blog #489: Do you IR your pentest labs?

David Cowen September 25, 2018

Hello Reader, Lately I've been experimenting with https://hackinthebox.eu but not for the normal reasons. I've always ...

Daily Blog #489: Do you IR your pentest labs? Reviewed by David Cowen on September 25, 2018 Rating: 5

Daily Blog mac_apt osx

Daily Blog #488: Tool Highlight Mac APT

David Cowen September 24, 2018

Hello Reader, I'm sure a lot of you follow Yogesh Kahtri's research but I wanted to take this post to point our that h...

Daily Blog #488: Tool Highlight Mac APT Reviewed by David Cowen on September 24, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #487: Sunday Funday 9/23/18

David Cowen September 23, 2018

Hello Reader, Let's try this again. We had some great weeks of Sunday Funday answers so I'm looking for another week of gre...

Daily Blog #487: Sunday Funday 9/23/18 Reviewed by David Cowen on September 23, 2018 Rating: 5

Daily Blog solution saturday

Daily Blog #486: Solution Saturday 9/22/18

David Cowen September 22, 2018

Hello Reader, I was hoping a testing challenge would bring in more responses but we go another week without a winning entry. I'...

Daily Blog #486: Solution Saturday 9/22/18 Reviewed by David Cowen on September 22, 2018 Rating: 5

Daily Blog forensic lunch test kitchen typedpaths

Daily Blog #485: Forensic Lunch Test Kitchen 9/21/18

David Cowen September 21, 2018

Hello Reader, Continuing on from last nights test kitchen I've had another broadcast today trying to monitor the changes to ...

Daily Blog #485: Forensic Lunch Test Kitchen 9/21/18

Reviewed by David Cowen on September 21, 2018 Rating: 5

Daily Blog test kitchen typedpaths

Daily Blog #484: Forensic Lunch Test Kitchen 9/20/18

David Cowen September 20, 2018

Hello Reader, I ran out of time to get a video up for yesterdays blog post but I wanted to make sure I got this done and uploade...

Daily Blog #484: Forensic Lunch Test Kitchen 9/20/18

Reviewed by David Cowen on September 20, 2018 Rating: 5

Daily Blog registry typedpaths

Daily Blog #483: Typed Paths Amnesia

David Cowen September 19, 2018

Hello Reader, I'm going to update this post with a video when I get to my hotel room tonight and do a test kitchen. I w...

Daily Blog #483: Typed Paths Amnesia

Reviewed by David Cowen on September 19, 2018 Rating: 5

Daily Blog for500 SANS

Daily Blog #482: Teaching in Dubai!

David Cowen September 18, 2018

Hello Reader, Are you in the middle east and have a passion for DFIR? I'll be teaching SANS FOR500 Windows Forensics this...

Daily Blog #482: Teaching in Dubai! Reviewed by David Cowen on September 18, 2018 Rating: 5

Daily Blog event log vhd

Daily Blog #481: Event Logs for VHDs

David Cowen September 17, 2018

Hello Reader, I was going back through default event logs when I ran across an event log for VHD actions that was described...

Daily Blog #481: Event Logs for VHDs

Reviewed by David Cowen on September 17, 2018 Rating: 5

Daily Blog sunday funday

Daily Blog #480: Sunday Funday 9/16/18

David Cowen September 16, 2018

Hello Reader, I'm going to change things around for this weeks challenge, lets put things back to research and less about co...

Daily Blog #480: Sunday Funday 9/16/18 Reviewed by David Cowen on September 16, 2018 Rating: 5

Daily Blog solution saturday

Daily Blog #479: Solution Saturday 9/15/18

David Cowen September 15, 2018

Hello Reader, This week I didn't get any working entries for the challenge, meaning I'll just put up the code to do it on M...

Daily Blog #479: Solution Saturday 9/15/18 Reviewed by David Cowen on September 15, 2018 Rating: 5

Daily Blog forensic lunch github objectid test kitchen

Daily Blog #478: Github repository for the Test Kitchen

David Cowen September 14, 2018

Hello Reader, I went ahead and added a Github repository for the ObjectID scanner I was showing on the Test Kitchen last night. Yo...

Daily Blog #478: Github repository for the Test Kitchen Reviewed by David Cowen on September 14, 2018 Rating: 5

Daily Blog objectid test kitchen

Daily Blog #477: Forensic Lunch Test Kitchen 9/13/18 ObjectID Decoded and timestamps tested

David Cowen September 13, 2018

Hello Reader, Our Forensic Lunch Test Kitchen series continues! Tonight we decoded the Object ID values into their timestamps, se...

Daily Blog #477: Forensic Lunch Test Kitchen 9/13/18 ObjectID Decoded and timestamps tested

Reviewed by David Cowen on September 13, 2018 Rating: 5

Daily Blog forensic lunch objectid test kitchen

Daily Blog #476: Forensic Lunch Test Kitchen 9/12/18 ObjectID Default Behavior

David Cowen September 13, 2018

Hello Reader, Another night, another test kitchen! Tonight I try to remove my observation bias from the past episodes but modify...

Daily Blog #476: Forensic Lunch Test Kitchen 9/12/18 ObjectID Default Behavior

Reviewed by David Cowen on September 13, 2018 Rating: 5

Daily Blog forensic lunch objectid test kitchen

Daily Blog #475: Forensic Lunch Test Kitchen 9/11/18 ObjectIDs

David Cowen September 11, 2018

Hello Reader, Another Forensic Lunch Test Kitchen this evening with a deeper look into ObjectIDs. We covered: The fact that t...

Daily Blog #475: Forensic Lunch Test Kitchen 9/11/18 ObjectIDs

Reviewed by David Cowen on September 11, 2018 Rating: 5

Daily Blog event log telemetry windows server

Daily Blog #474: Application Experience Program Telemetry

David Cowen September 10, 2018

Hello Reader, I had another examiner, who will go nameless unless they choose to be named, ask what program execution and persist...

Daily Blog #474: Application Experience Program Telemetry Reviewed by David Cowen on September 10, 2018 Rating: 5

Daily Blog python sunday funday

Daily Blog #473: Sunday Funday 9/9/18

David Cowen September 09, 2018

Hello Reader, Another week passes and I'm full of ideas of things I want to test, program and try. After Phill Moore's ...

Daily Blog #473: Sunday Funday 9/9/18 Reviewed by David Cowen on September 09, 2018 Rating: 5

Daily Blog objectid solution saturday

Daily Blog #472: Solution Saturday 9/8/18

David Cowen September 08, 2018

Hello Reader, I didn't mean for there to be a week without a solution or a challenge but labor day weekend was way to much fun t...

Daily Blog #472: Solution Saturday 9/8/18 Reviewed by David Cowen on September 08, 2018 Rating: 5

Daily Blog python pytsk

Daily Blog #471: Gearing up for more dfvfs programming

David Cowen September 06, 2018

Hello Reader, In my attempt to get a Windows VM up and running as a test development environment for doing some tutorials on 64 bi...

Daily Blog #471: Gearing up for more dfvfs programming Reviewed by David Cowen on September 06, 2018 Rating: 5

Daily Blog

Daily Blog #470: Unforseen impact of our work

David Cowen September 05, 2018

Hello Reader, Today I'm reflecting on something that hasn't happened to me in the 19 years I've been doing dig...

Daily Blog #470: Unforseen impact of our work Reviewed by David Cowen on September 05, 2018 Rating: 5

book review Daily Blog python

Daily Blog #469: Book Highlight Learning Python for Forensics

David Cowen September 04, 2018

Hello Reader, If you've read some of the older blog series you know that I'm a big proponent of getting new and old ex...

Daily Blog #469: Book Highlight Learning Python for Forensics Reviewed by David Cowen on September 04, 2018 Rating: 5

Top Ad unit 728 × 90

Latest News

Daily Blog #493: Sunday Funday 9/30/18

Daily Blog #492: Solution Saturday 9/30/18

Daily Blog #491: Test Kitchen 9/27/18 Sequential ObjectID Testing

Daily Blog #490: The end of enfuse/ceic

Daily Blog #489: Do you IR your pentest labs?

Daily Blog #488: Tool Highlight Mac APT

Daily Blog #487: Sunday Funday 9/23/18

Daily Blog #486: Solution Saturday 9/22/18

Daily Blog #485: Forensic Lunch Test Kitchen 9/21/18

Daily Blog #484: Forensic Lunch Test Kitchen 9/20/18

Daily Blog #483: Typed Paths Amnesia

Daily Blog #482: Teaching in Dubai!

Daily Blog #481: Event Logs for VHDs

Daily Blog #480: Sunday Funday 9/16/18

Daily Blog #479: Solution Saturday 9/15/18

Daily Blog #478: Github repository for the Test Kitchen

Daily Blog #477: Forensic Lunch Test Kitchen 9/13/18 ObjectID Decoded and timestamps tested

Daily Blog #476: Forensic Lunch Test Kitchen 9/12/18 ObjectID Default Behavior

Daily Blog #475: Forensic Lunch Test Kitchen 9/11/18 ObjectIDs

Daily Blog #474: Application Experience Program Telemetry

Daily Blog #473: Sunday Funday 9/9/18

Daily Blog #472: Solution Saturday 9/8/18

Daily Blog #471: Gearing up for more dfvfs programming

Daily Blog #470: Unforseen impact of our work

Daily Blog #469: Book Highlight Learning Python for Forensics

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form

Top Ad unit 728 × 90

Latest News

Social Counter

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form