Daily Blog #641: Forensic Lunch 3/8/19 Eric Zimmerman Lee Whitfield
Hello Reader, Today the Forensic Lunch returned! This week we had: Eric Zimmerman talking about KAPE (how KAPE works, how you can use it, how to automate it, how you can extend it); Lee Whitfield went...
Daily Blog #642: Solution Saturday 3/9/19
Hello Reader, I love weeks when we get to crown new winners. Tun is not new to DFIR, you may have seen his tweets before, but he is new to the Sunday Funday winners circle. Tun did some great...
Daily Blog #643: Sunday Funday 3/10/19
Hello Reader, On this blog we focus on a lot of host-related issues, but the world is no longer confined to single on-premises hosts. This week let's set our challenge sights to the...
Daily Blog #644: Creating decrypted images of APFS file systems encrypted...
Hello Reader, Dealing with T2 chips on recent model MacBooks has been a real pain point for us in the lab, so I was very, very happy to read that BlackBag (thanks Joe and Vico!) have figured...
Daily Blog #645: Solution Saturday 3/16/19
Hello Reader, Spring break is ending, which means kids are going back to school soon and I'll be back on track with blogging. Here is this week's winner! The Challenge: Name and describe all of the...
Daily Blog #646: Sunday Funday 3/17/19
Hello Reader, I always appreciate it when people spend their time researching rather than doing other fun things, like playing video games or reading a non-technical book. When we share...
Daily Blog #647: Windows Forensics in San Diego
Hello Reader, Looks like I'll be heading to sunny San Diego, California to teach SANS FOR500: Windows Forensics this May 9 2019. The event is called Security West and it's one of the bigger...
Daily Blog #648: How to stream your own test kitchen
Hello Reader, As I prepare to get the test kitchen back in service I thought I'd share what I use for others who are looking to do the same. I got this idea after this tweet from Gerald Davis. So...
Daily Blog #649: How to pick something to test
Hello Reader, One of the questions I get asked on a semi-regular basis is, how do I pick what to test/research? The answer is simpler than you would expect: Selection pool: I look at an...
Daily Blog #650: Solution Saturday 3/23/19
Hello Reader, This week's challenge was met with many challenges but they were overcome by @darizotas aka Dario B. I think you'll see in his winning post that he did a pretty thorough job...
Daily Blog #651: Sunday Funday 3/24/19
Hello Reader, Let's finish this trifecta of the major three cloud compute vendors. I think that getting more of this knowledge out there will many random internet searches just trying to understand...
Daily Blog #652: Seeking Sponsor for the Unofficial Defcon DFIR CTF 2019
Hello Reader, Do you or your company want to provide a prize for the Unofficial Defcon DFIR CTF, now in its third year? If so, email me at dcowen@g-cpartners.com so we can talk. In the past SANS,...
Daily Blog #653: Forensic Lunch Test Kitchen 3/26/19
Hello Reader, Tonight I tried to do a live stream from my hotel in Jeddah, KSA. Looking back at the recording I'm not sure how well it did but I was able to get some base testing done for a...
Daily Blog #654: Sunday Funday 3/31/19
Hello Reader, No April Fools this week. I didn't post an answer for last week's challenge because ... I didn't receive any qualifying answers. So let's try this again, shall we? A second week to...
Daily Blog #655: Magnet User Summit DFIR CTF 2019 Results
Hello Reader, We had a great CTF today that will soon be released to the public. I'm happy to announce the top three winners. #1 Kevin Pagano, #2 Jonathan Rajewski, #3 Santiago Ayala. Prizes were...
Daily Blog #656: Forensic Lunch 4/3/19 Live from MUS2019
Hello Reader, Today we had a Forensic Lunch live from the Magnet User Summit 2019 with guests: Kevin Pagano talking about his experience playing (and winning) the MUS2019 DFIR CTF; Jessica Hyde...
Daily Blog #657: MUS2019 DFIR CTF open to the public
Hello Reader, The DFIR CTF that we ran at the Magnet User Summit is now open to the public. You can download the evidence and a 30 day license key for Magnet Axiom...
Daily Blog #658: MUS 2019 DFIR CTF Perfect Score Achieved
Hello Reader, Just a note that we already have a perfect score winner! Congratulations to Plop aka Bastien Lardy who I will be contacting about their prize! The CTF will remain up for quite...
Daily Blog #659: Sunday Funday 4/7/19
Hello Reader, Sounds like Google Compute DFIR knowledge must be sparse based on the responses I've gotten .. namely none! So let's change platforms to see how well you know PaaS, Platform as...
Daily Blog #660: Solution Saturday 4/13/19
Hello Reader, This week's winner only recently discovered the blog and the contests therein. Why bring this up? It shows that you don't have to be around for years to have a chance at winning...