A new look for DFIR Science
Back in 2008, DFIR Science started as a research blog. It was mostly technical documentation to set up things like OCFA and Debian Live. It was always about ...
Recent posts
Introduction to Memory Forensics with Volatility 3
Volatility is a very powerful memory forensics tool. It is used to extract information from memory images (memory dumps) of Windows, macOS, and Linux systems...
Data Artifacts, Analysis Results, and Reporting in Autopsy
This is a mini-course on Autopsy. See chapter times below. You might want to watch Part 1 first - Starting a new case in Autopsy: https://youtu.be/fEqx0MeCCHg
DFIR Community Hardware Fund
A few days ago, Alexis Brignoni posted a tweet about the increased usage of the Meta Quest 2 hardware. It’s one of many devices that digital investigators wi...
Starting a New Digital Forensic Investigation Case in Autopsy
This is a mini-course on Autopsy. You might want to see the description on YouTube for chapter links.
