During the investigation of a security incident, event log analysis is a key element.
Dumpzilla is a Python 3 script developed to extract artifacts from Firefox, Iceweasel and Seamonkey browsers, useful during a forensic analysis.
A typical NTFS filesystem contains hundreds of thousands of files. Each file has its own $MFT entry, and all $MFT entries are given a sequential address starting from zero, zero being the $MFT entry itself.
During a forensic analysis of a Windows system, it is often critical to understand when and how a particular process has been started.
Microsoft Terminal Services Remote Desktop Protocol (RDP) is a great feature that allows the interactive use or administration of a remote Windows system. However, it can also be used by an attacker with compromised domain credentials to move laterally across the local network.
File carving is the process of reassembling computer files from fragments in the absence of filesystem metadata.