Idan Buller
Jan 9, 2023 · 8 min read
Uncovering the Secrets of NTFS File Records: A Digital Forensics Guide
Windows file system forensics is a vital aspect of digital forensics investigations, as it allows examiners to recover and analyze evidence.
Idan Buller
Jul 13, 2022 · 3 min read
MFT Journaling Forensics - Tools & Techniques
The forensic value of the MFT journals ($LogFile and the $UsnJrnl change journal) is that they record file creations, deletions, renames and other metadata changes, often long after the files themselves are gone.
Idan Buller
Mar 13, 2022 · 3 min read
Analyzing Shimcache Forensics - Python Forensics #1
We are going to extract this valuable information with a well-known tool by Eric Zimmerman, then enrich the output with a Python-based add-on I created.
Idan Buller
Feb 25, 2022 · 3 min read
Browser Forensics - Tools & Techniques
The amount of information stored locally in the browser's profile folders is huge and highly useful for forensic analysis.
Idan Buller
Dec 23, 2021 · 3 min read
EVTX Forensics - Investigate Windows Events
Windows event logs provide a rich source of forensic information for threat hunting and incident response investigations.
Idan Buller
Dec 8, 2021 · 1 min read
WMI Forensics - Cheat Sheet
While WMI and PowerShell can be used for attacks, they equally can be used for defense.
Idan Buller
Sep 26, 2021 · 3 min read
Linux Forensics - The Complete CheatSheet
While Windows forensics is widely covered by courses and articles, there are far fewer resources introducing Linux forensics
Idan Buller
Sep 16, 2021 · 4 min read
Execution Evidence - Prefetch Files
Evidence of execution might be your forensic solution.
Idan Buller
Mar 15, 2021 · 4 min read
Document File Malware Analysis - Attacker's Bread & Butter
Office documents will remain one of the most common methods attackers use to trick users into executing malicious code.
Idan Buller
Dec 23, 2020 · 4 min read
Shadow Copies - The wiped out Evidence
Volume Shadow Copies are the one thing you need to add to your forensics checklist.
Idan Buller
Nov 14, 2020 · 5 min read
RDP Forensics - Logging, Detection and Forensics
RDP is that thing you want to investigate...
Idan Buller
Nov 7, 2020 · 6 min read
Registry Forensics - A Goldmine
Registry Hives are one of the major evidence providers for us, the analysts.