Note: The following does not represent the opinion of Mark McKinnon. He merely had the good grace to allow me a forum in which to post it after it was respectfully declined (for obvious reasons) by the SANS Institute's Forensic Blog. I wrote it chiefly b…
This information was provided to me by Longshot (Just passing this great information along). Decoding the DateCreated and DateLastConnected registry values from the registry keys SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{GUID} In Vi…
I know this whole blog has gotten pretty stale as there have not been any posts in a loooong time. Well I am going to try and remedy that with some good posts in the coming weeks. Well the Skype log parser, which is my most downloaded tool, has gone thro…
Forensic Focus
Forensic Video and Image Analysis BLOG
January 3rd
January 2025 Update: I received a very odd notice from Google congratulating me on the traffic that this blog has received in 2024. Yes. 2024. I haven't really thought about this space in more than 4 years. But there it was. So I clicked into the …
This will be the final post in this space. I've retired from the practice. I'll leave this free resource up as an artifact and a reference. So long, and thanks for all the fish.
First of all, I hope this post finds you and yours in good health. I hope that you have enough to eat and have enough resources to meet your basic needs. I know that many folks have been sent home to work, some have even lost their jobs (some temporarily,…
As firms and agencies urge their employees to work from home during the global pandemic, their employees’ confidential phone calls run the risk of being heard by Amazon.com Inc. and Google.
Mishcon de Reya LLP, the U.K. law firm that famously advised Pri…
This version brings a new plugin to extract clickable links from Word documents (.doc): plugin_hyperlink.py oledump_V0_0_81.zip (http) MD5: CEC519186C49CEA82811491DD0055D94 SHA256: 1F990AC30E6D5992D6888F0CAD6FAECE568DB5C32F54554E3BEA89542481658A
This new version of myjson-filter brings: Plugin plugin_ooxml_url.py is a plugin that extracts clickable links from OOXML documents: myjson-filter_V0_0_7.zip (http) MD5: E168A38CBC349F972EDD830A56C949BE SHA256: AD09A5C50310E9684561FC33AE98C5F8928D6F3B30F872…
This version fixes a bug in IsPrintable and adds option -D. xorsearch_v0_0_5.zip (http) MD5: 97621F1FCDED7B1B73091112C3C9FFD5 SHA256: 67D5E89A9F3057FF51ADD1C9F66E13D110AA92A64AA2A071828871067AF42241
Author - John Bertrand. Payment System Regulator (PSR) Pioneer Work on Instant Payment Scams Creating a Safe Environment for Instant Internal Payment and FX Activities. Why PS24/7 Faster Payments APP Scams Reimbursement. From 2017 to 2023 Bank/PSPs retain…
New cyber security and business resilience policy centre, The CSBR, has announced its first two policy programmes for the first quarter of 2025. Unsurprisingly given the UK Government’s intention to bring before Parliament during 2025 its bill of th…
Photo via Pexels. Article by Marcus Lansky. Change is a constant in the business world, demanding strategic approaches to ensure success. As a leader, your role is pivotal in guiding your organisation through these shifts with strategic insight and decisive…
In partnership with Department for Science, Innovation and Technology (DSIT), Foreign, Commonwealth and Development Office (FCDO) and the National Cyber Security Centre (NCSC) will be sending a team of young women to represent the UK at the inau…
Telling time in forensic computing can be complicated. User interfaces hide the complexity, usually displaying time stamps in a human readable format, e.g. 2017-05-02 18:36:23. But the time stamp is usually not recorded in this format. Instead, it is r…
Every registered Android mobile device has an associated Google account. Google accounts usually mean Gmail. And, for investigators interested in the Gmail content stored on Androids, that content can be found in the /data/com.google.android.gm/da…
I commonly use adb and fastboot to access Android devices. Ubuntu has packages for those tools making installation easy:
$ sudo apt-get install android-tools-adb android-tools-fastboot
But, in recent months, I have encountered instances where the a…
I decided to bite the bullet and try out Windows 10. I wanted to learn the new operating system and determine if I could run specific software/hardware combinations under the new Windows that I had been running in Windows 7, specifically Riffbox. I happ…
Sploited BLOG