-
# Forensics 911 - recovering a thesis of one year work
[https://book-of-gehn.github.io/articles/2016/12/18/Forensics-911-recovering-thesis.ht…
-
Hi,
During the forensics process, a host/hypervisor Velociraptor does not do forensics for the docker image filesystem.
For example:
* acquire bash history from the docker image.
* reveal crontab…
-
```
This is the successor of log2timeline.
Home page is here: http://plaso.kiddaland.net
There's a lot of dependencies (thanks to the great work of Joachim Metz).
Attached here all ebuilds needed.
`…
-
MS doc: https://learn.microsoft.com/en-us/windows/win32/menurc/string-str?redirectedfrom=MSDN
Yara rule support for field: https://yara.readthedocs.io/en/v3.2.0/modules/pe.html
This is a useful fi…
-
I would like to have the ability to create rules on registry hives, for example:
```yml
---
title: T1547.004 - Winlogon System Shell Changed
group: Persistence
description: Winlogon\Shell changed…
-
During an evaluation of the Recyclebin artifact it was identified that this could be improved by incorporating an option to use the MFT parser to first identify $I files.
When a file is deleted fro…
-
Hello,
I tried to perform WA APK Downgrade on my Poco F5 Pro, Android 14, but after reboot Avilla fails to install legacy apk.
So, I tried to do the downgrade with a legacy APK I have, and I got…