4n6k.com
4n6k: May 2013
http://www.4n6k.com/2013_05_01_archive.html
Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it all,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...
4n6k.com
4n6k: Posts
http://www.4n6k.com/p/forensic-posts.html
Shellbags Forensics: Addressing a Misconception. Interpretation, step-by-step testing, new findings, and more). Timelines, interpretation, testing, and more). Jump List Forensics: AppIDs Part 1. Jump List Forensics: AppIDs Part 2. Jump List Forensics: AppID Master List (400 AppIDs). Forensics Quickie: PowerShell Versions and the Registry. Forensics Quickie: NTUSER.DAT Analysis (SANS CEIC 2015 Challenge #1 Write-Up). Forensics Quickie: Merging VMDKs and Delta/Snapshot Files (2 Solutions). Possible Unknown...
4n6k.com
4n6k: UserAssist Forensics (timelines, interpretation, testing, & more)
http://www.4n6k.com/2013/05/userassist-forensics-timelines.html
Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it all,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...
4n6k.com
4n6k: Resources
http://www.4n6k.com/p/resources.html
See below for a list of forensics, reverse engineering, malware, programming, and information security resources. Links to this post. Running the Labyrenth: Unit 42 CTF. Update to MacMRU Parser - Now with Microsoft Office Support! Reversing Mac Alias v3 Data Objects. Video: mimikatz: Golden Ticket DCSync. LANDesk in the Registry. Malware and Memory Forensics 2017 Schedule (Now with Linux, Mac, and Surge Collect Pro). Mounting and Reimaging an Encrypted FileVault2 Mac Image in Linux. Locky JS and URL Reve...