Oculus Quest 2 First Impressions and Research Notes
Recently the DFIR Community Hardware Fund purchased a Meta Oculus Quest 2 VR headset. Unboxing and device images can be found here. I finally had time to set...
Recent posts
Getting started in DFIR: Conferences and Workshops
Ever wonder how to be accepted to a conference? Today we talk about different types of tech conferences, and how to get started both attending and giving pre...
A new look for DFIR Science
Back in 2008, DFIR Science started as a research blog. It was mostly technical documentation to set up things like OCFA and Debian Live. It was always about ...
Introduction to Memory Forensics with Volatility 3
Volatility is a very powerful memory forensics tool. It is used to extract information from memory images (memory dumps) of Windows, macOS, and Linux systems...
Data Artifacts, Analysis Results, and Reporting in Autopsy
This is a mini-course on Autopsy. See chapter times below. You might want to watch Part 1 first - Starting a new case in Autopsy: https://youtu.be/fEqx0MeCCHg
