Hacking Exposed Computer Forensics Blog

Daily Blog #634: AWS GuardDuty false positives

David Cowen February 28, 2019

Hello Reader, This another post that I'm making in the hopes that someone who is searching for this will find it and ge...

Daily Blog #634: AWS GuardDuty false positives Reviewed by David Cowen on February 28, 2019 Rating: 5

Daily Blog google gsuite takeout

Daily Blog #633: Things you can't find in Gsuite logs for $100

David Cowen February 27, 2019

Hello Reader, I was working a case recently where an ex-employee was believed to have retained a companies data. They infor...

Daily Blog #633: Things you can't find in Gsuite logs for $100 Reviewed by David Cowen on February 27, 2019 Rating: 5

Daily Blog elcomsoft ios iphone jailbreak kevin stokes rootless

Daily Blog #632: Using Elcomsoft IOS Toolkit on an iPhone with IOS 12.1

David Cowen February 26, 2019

Hello Reader, Kevin Stokes is the mobile forensics champion in our offices at G-C Partners. When we get a copy of the new Elco...

Daily Blog #632: Using Elcomsoft IOS Toolkit on an iPhone with IOS 12.1

Reviewed by David Cowen on February 26, 2019 Rating: 5

Daily Blog elcomsoft forenisc toolkit ios jailbreak rootless

Daily Blog #631: Elcomsoft IOS Toolkit and IOS 12

David Cowen February 25, 2019

Hello Reader, If you haven't already heard Elcomsoft had updated their IOS Forensic Toolkit recently, you can check it out her...

Daily Blog #631: Elcomsoft IOS Toolkit and IOS 12 Reviewed by David Cowen on February 25, 2019 Rating: 5

Daily Blog osx plists sunday funday

Daily Blog #630: Sunday Funday 2/24/19

David Cowen February 24, 2019

Hello Reader, Last weeks challenge went unanswered, but I know there is a movement towards Mac forensics slowly building in th...

Daily Blog #630: Sunday Funday 2/24/19 Reviewed by David Cowen on February 24, 2019 Rating: 5

coreanalytics Daily Blog mojave osx

Daily Blog #629: Coreanalytics Update

David Cowen February 22, 2019

Hello Reader, Back in July of 2018 Crowdstrike wrote a very interesting post all about Core Analytics a service that runs by defa...

Daily Blog #629: Coreanalytics Update Reviewed by David Cowen on February 22, 2019 Rating: 5

cyberbox Daily Blog dfir in 120 seconds mathias fuchs video

Daily Blog #628: DFIR in 120 Seconds

David Cowen February 19, 2019

Hello Reader, I know many of you are looking to get a better understanding of many of the fundamentals of DFIR. In most of my d...

Daily Blog #628: DFIR in 120 Seconds Reviewed by David Cowen on February 19, 2019 Rating: 5

Daily Blog deep freeze lance mueller

Daily Blog #627: Deep Freeze and DFIR

David Cowen February 19, 2019

Hello Reader, While I didn't have any winners for last week's Sunday Funday I did want to draw your attention to the a...

Daily Blog #627: Deep Freeze and DFIR Reviewed by David Cowen on February 19, 2019 Rating: 5

Daily Blog sunday funday

Daily Blog #626: Sunday Funday 2/17/19

David Cowen February 17, 2019

Hello Reader, Let's reevaluate challenges again. Last week I either asked for too much or went to Niche so let's open it ...

Daily Blog #626: Sunday Funday 2/17/19 Reviewed by David Cowen on February 17, 2019 Rating: 5

Daily Blog deep freeze solution saturday sunday funday

Daily Blog #625: Solution Saturday 2/16/19

David Cowen February 16, 2019

Hello Reader, I was wondering 6 months ago what would make miss a day of blogging, it turns out the answer is moving! So now ...

Daily Blog #625: Solution Saturday 2/16/19 Reviewed by David Cowen on February 16, 2019 Rating: 5

Daily Blog defender ata false positive golden ticket

Daily Blog #624: Microsoft Defender ATA Golden Ticket False Positive

David Cowen February 11, 2019

Hello Reader, I'm writing this post to serve as a bookmark for the future for anyone out there searching for this. If it&...

Daily Blog #624: Microsoft Defender ATA Golden Ticket False Positive Reviewed by David Cowen on February 11, 2019 Rating: 5

Daily Blog deep freeze sunday funday

Daily Blog #623: Sunday Funday 2/10/19

David Cowen February 10, 2019

Hello Reader Keeping up with all of the materials that the community makes based on the work you the reader does in Sunday Fu...

Daily Blog #623: Sunday Funday 2/10/19 Reviewed by David Cowen on February 10, 2019 Rating: 5

amcache Daily Blog oleg skilkin solution saturday sunday funday

Daily Blog #622: Solution Saturday 2/9/19

David Cowen February 09, 2019

Hello Reader, This week Oleg Skulkin has come in with another win! Oleg found some interesting results. In Oleg's testing...

Daily Blog #622: Solution Saturday 2/9/19 Reviewed by David Cowen on February 09, 2019 Rating: 5

azuread Daily Blog internetusername

Daily Blog #621: ADFS accounts in SAM hives

David Cowen February 09, 2019

Hello Reader, I wanted to make a quick post about ADFS (Active Directory Federated Services) and Azure AD. If the Windows syst...

Daily Blog #621: ADFS accounts in SAM hives Reviewed by David Cowen on February 09, 2019 Rating: 5

ctf Daily Blog magnet user summit

Daily Blog #620: Magnet User Summit 2018 CTFd site is closing

David Cowen February 07, 2019

Hello Reader, With the 2019 Magnet User Summit coming up and with it the DFIR CTF we are working on for it I think it's ...

Daily Blog #620: Magnet User Summit 2018 CTFd site is closing Reviewed by David Cowen on February 07, 2019 Rating: 5

cfp Daily Blog dfir summit

Daily Blog #619: SANS DFIR Summit 2019 CFP is open!

David Cowen February 06, 2019

Hello Reader, A quick reminder that the 2019 SANS DFIR Summit call for presentations is open! https://www.sans.org/event/di...

Daily Blog #619: SANS DFIR Summit 2019 CFP is open! Reviewed by David Cowen on February 06, 2019 Rating: 5

Daily Blog magnet user summit

Daily Blog #618: Magnet User Summit 2019 CTF is Full

David Cowen February 05, 2019

Hello Reader, I registered today for the Magnet User Summit ( https://magnetusersummit.com/schedule ) and noticed that the CTF ...

Daily Blog #618: Magnet User Summit 2019 CTF is Full Reviewed by David Cowen on February 05, 2019 Rating: 5

amcache Daily Blog sunday funday

Daily Blog #617: Sunday Funday 2/3/19

David Cowen February 03, 2019

Hello Reader, 2019 is becoming a pretty great year for responses to these challenges. It's always tough to weight different...

Daily Blog #617: Sunday Funday 2/3/19 Reviewed by David Cowen on February 03, 2019 Rating: 5

Daily Blog shellbags solution saturday sunday funday

Daily Blog #616: Solution Saturday 2/2/19

David Cowen February 03, 2019

Hello Reader, I had some great submissions this week as people really got into shellbags research. This week Kevin Pagano managed ...

Daily Blog #616: Solution Saturday 2/2/19 Reviewed by David Cowen on February 03, 2019 Rating: 5

amcache blanche lagny Daily Blog dfir review forensic lunch

Daily Blog #615: Forensic Lunch 2/1/19 Blanche Lagney Amcache DFIR Review

David Cowen February 01, 2019

Hello Reader, We had another Forensic Lunch! This was a great episode and here are the details. This week we have: Blanche ...

Daily Blog #615: Forensic Lunch 2/1/19 Blanche Lagney Amcache DFIR Review

Reviewed by David Cowen on February 01, 2019 Rating: 5

Top Ad unit 728 × 90

Latest News

Daily Blog #634: AWS GuardDuty false positives

Daily Blog #633: Things you can't find in Gsuite logs for $100

Daily Blog #632: Using Elcomsoft IOS Toolkit on an iPhone with IOS 12.1

Daily Blog #631: Elcomsoft IOS Toolkit and IOS 12

Daily Blog #630: Sunday Funday 2/24/19

Daily Blog #629: Coreanalytics Update

Daily Blog #628: DFIR in 120 Seconds

Daily Blog #627: Deep Freeze and DFIR

Daily Blog #626: Sunday Funday 2/17/19

Daily Blog #625: Solution Saturday 2/16/19

Daily Blog #624: Microsoft Defender ATA Golden Ticket False Positive

Daily Blog #623: Sunday Funday 2/10/19

Daily Blog #622: Solution Saturday 2/9/19

Daily Blog #621: ADFS accounts in SAM hives

Daily Blog #620: Magnet User Summit 2018 CTFd site is closing

Daily Blog #619: SANS DFIR Summit 2019 CFP is open!

Daily Blog #618: Magnet User Summit 2019 CTF is Full

Daily Blog #617: Sunday Funday 2/3/19

Daily Blog #616: Solution Saturday 2/2/19

Daily Blog #615: Forensic Lunch 2/1/19 Blanche Lagney Amcache DFIR Review

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form

Top Ad unit 728 × 90

Latest News

Social Counter

KPMG Advisory

Popular Posts

Blog Archive

Random Posts

Recent Posts

Contact Form