DFSP # 042 - Windows 10 Prefetch
This week I about the format change for Windows 10 Prefetch files as well as a freely available tool to decompress and present .pf file data.
6 Des 201617min
DFSP # 041 - Trash Talkin'
This week I'm talking .Trash. I cover the forensic basics of this Mac artifact that examiners need to know.
29 Nov 201616min
DFSP # 040 - Mac Log Files
This week I talk about Mac Log files that are useful for File Use & Knowledge investigations as well as Incident Response.
22 Nov 201622min
DFSP # 039 - Apache Weblogs & SDF Announcement
This week I talk about Apache weblogs and a great resource for foundational knowledge at aid newer examiners with forensic analysis. In addition, big news for the SDF series!
15 Nov 201617min
DFSP # 038 - Finder Sidebar Forensics
This week it's back to Mac forensics with a look at the the Finder Sidebar and it's value for File Use & Knowledge investigations.
8 Nov 201617min
DFSP # 037 - The DFIRONOMICON
This week I pull back the focus for newer examiners and share some thoughts on creating a system that works for you to organize, and keep readily accessible, all the knowledge you accumulate..... and ...
1 Nov 201628min
DFSP # 036 - iCloud Forensic Evidence
This week I breakdown iCloud forensic artifacts.
25 Okt 201624min
DFSP # 035 - "Recent" File Listings on a Mac
This week I talk about where to find different listing of different recently accessed files on a Mac as well as how to break out the data for interpretation.
18 Okt 201623min
