Data Artifacts, Analysis Results, and Reporting in Autopsy
This is a mini-course on Autopsy. See chapter times below. You might want to watch Part 1 first - Starting a new case in Autopsy: https://youtu.be/fEqx0MeCCHg
Recent posts
DFIR Community Hardware Fund
A few days ago, Alexis Brignoni posted a tweet about the increased usage of the Meta Quest 2 hardware. It’s one of many devices that digital investigators wi...
Starting a New Digital Forensic Investigation Case in Autopsy
This is a mini-course on Autopsy. You might want to see the description on YouTube for chapter links.
A more efficient NSRL for digital forensics
A few days ago, Hexacorn released a blog post taking a look at the NSRL RDS hash set. I’m a total fan of hash sets. I think they are one of the easiest ways ...
DFIR filesystem POSIX gotcha - process from archives directly
I worked on the converter UFDR2DIR and ran into some weird bugs. I coded on Linux and had no trouble reconstructing Android and iOS device dumps paths. But W...
