Channel: Hacking Exposed Computer Forensics Blog
Browsing latest articles
Browse All 877 View Live


Daily Blog #791: Can Google Gemini 2.5 Pro write forensic training materials?

Hello Reader, One of the things I've been waiting for is an AI model to have enough of a context window (space to hold an entire thought) to list out forensic artifacts by type so that it could assist in...


Daily Blog #792: Solution Saturday 3/29/25

Hello Reader, This week we challenged you to find out what SSH artifacts are left behind on Windows systems that now have native SSH servers and clients. It shouldn't be a surprise that the person who...


Daily Blog #793: Sunday Funday 3/30/25

Hello Reader, Every week I ask myself, what do we not know? This week I want to focus your combined attentions to log delivery delays in the cloud. Each cloud has pros and cons when using it, so let's...


Daily Blog #794: What did Gemini make up?

Hello Reader, In last week's post I posted a document that Google Gemini 2.5 Pro created regarding Windows 11 execution artifacts. This week I want to break down where Gemini just made stuff up or was...


Daily Blog #795: What did Gemini make up part 2

Hello Reader, In the last post we focused on the made up blog posts Gemini cited. Now let's look at some of the facts it stated in regards to how long these artifacts will exist for. When talking about...


Daily Blog #796: Using AI's to help you with EDR searches

Hello Reader, I've been exploring an effective new use case with various AI models: using them to generate queries across different Endpoint Detection and Response (EDR) platforms. Depending on the...


Daily Blog #797: Azure Snapshot Downloads

Hello Reader, One of my favorite features in Azure is how easy it is to work with virtual disk snapshots. When you create a snapshot of a virtual disk (VHD), Azure lets you generate a direct download...


Daily Blog #798: Forensic Lunch Test Kitchen 4/4/25 - Using Replit!

Hello Reader, Today Evan and I used Replit to create a digital forensic artifact website. While the website itself needs a lot of content to be useful, the fact that it created, tested, and deployed it...


Daily Blog #799: Solution Saturday 4/5/25

Hello Reader, This week no one managed to submit a full answer as I did ask for all three major clouds. The closest was Chris Eng who did a full review of Azure and found times that were much faster...


Daily Blog #800: Sunday Funday 4/6/25

Hello Reader, This week I wanted to turn your attention to WSL or Windows Subsystem for Linux. With WSL becoming more common on Windows systems for things like Docker, it's been a while since I've seen a...


Daily Blog #801: New capabilities of Chat GPT 4o Image Creation

Hello Reader, As you have noticed I've been really enjoying all the newest and strangest things you can do with all of the AI models as they've come out. While everyone has been focusing on how you can...


Daily Blog #802: Windows Hello Forensics presentation

 Hello Reader, Today I gave a presentation on Windows Hello Forensics to the HTCIA Northeast chapter. I wanted to share the presentation here for the attendees and anyone else interested in seeing it...


Daily Blog #803: Getting Chat GPT 4o to make fancy PowerPoints

Hello Reader, Yesterday, when I shared my presentation, I mentioned that while I conducted all the research myself, I used ChatGPT-4o to create all of the slides. Why? Because I have absolutely no...


Daily Blog #804: Introducing Puck!

Hello Reader, I'm excited to share some news today—Evan Anderson, who you might recognize from our Vibe Coding livestreams, has just launched a new product: Puck! Puck (available at puck.tools) is the...


Daily Blog #805: Mount That Thing!

Hello Reader, If you've ever done forensics on modern Linux systems disk images you may have encountered the dread that comes with dealing with lots of LVMs (Logical Volume Management) which none of...


Daily Blog #806: Solution Saturday 4/12/25

 Hello Reader, This week Chris Eng comes back again with some research in his own Daily Blogs about WSL. While I think we can all appreciate Chris's winning streak I'm looking for all of you to come...


Daily Blog #807: Sunday Funday 4/13/25

 Hello Reader, This week I'm hoping for more of you to get involved and give Chris Eng some competition. With that in mind I'm going to make this challenge as accessible as possible but still have an...


Daily Blog #808: Testing AWS Log latency - ConsoleLogin

Hello Reader, In a recent Sunday Funday discussion, I asked about the actual log delay across the major cloud providers. By log delay, I mean the time it takes for an event to appear in a cloud...


Daily Blog #809: Testing AWS Log latency - CreateAccessKey

Hello Reader, Continuing from yesterday’s post, it's time for another AWS CloudTrail speed test. Today, we're testing the CreateAccessKey event, which occurs when a new Access Key ID is created for an...


Daily Blog #810: Testing AWS Log latency - CreateUser

Hello Reader, Continuing from yesterday’s post, it's time for another AWS CloudTrail speed test. Today, I’m examining the CreateUser event, which is triggered when a new IAM user is created in an AWS...


Daily Blog #811: Testing AWS Log latency - Modifying User Permissions

Hello Reader, Continuing our series on AWS CloudTrail speed tests, today’s test focuses on a new IAM-related action: AddUserToGroup. This event is generated when you modify a user’s permissions by...


Daily Blog #812: Testing AWS Log latency - Removing Users from Groups

Hello Reader, Welcome back to another installment in the AWS CloudTrail speed test series. Today’s focus shifts to the opposite of yesterday’s action: RemoveUserFromGroup. This event is triggered when...


Daily Blog #813: Solution Saturday 4/19/25

Hello Reader, Another week has come and gone but Chris Eng's streak continues unbroken! It's up to all of you to decide if you are ready to step up to the challenge tomorrow for this week's challenge!...


Daily Blog #814: Sunday Funday 4/20/25

 Hello Reader, It's an Eng world and we are just living in it, unless of course you take the time to put in an entry this week and win! This week we are changing courses to an old file system problem...


Daily Blog #815: I missed a day

Hello Reader, It happens to everyone and yesterday it happened to me. I was traveling and lost track of the day and realized I didn't post a blog yesterday. I just want to acknowledge it so you know a...
