Forensics 21

• Speaking at NCCC 2024 Apr 17, 2024
• Challenge #9 – Encrypt Them All Case Mar 27, 2023
• Challenge #8 – NTFS File System Case Mar 27, 2023
• Challenge #7 – SysInternals Case Mar 27, 2023
• Linux Forensics Workshop May 13, 2020
• Investigating USB Drives using Mount Points Not Drive Letters Apr 4, 2020
• No Drive Letter, No USB Evidence? Think Again! Apr 3, 2020
• Howto Setup and use the CuckooVM v2 Mar 18, 2020
• Investigating Windows Systems (Book Review) Jan 1, 2020
• Cuckoo VM for Malware Analysis Oct 31, 2019
• Acquiring Linux Memory using AVML and Using it with Volatility Jun 20, 2019
• Windows InstallTime vs InstallDate Registry Values Jun 1, 2019
• Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis May 26, 2019
• Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS May 24, 2019
• Anti-Forensics: Leveraging OS and File System Artifacts Dec 10, 2016
• Digital Forensic Challenge #4 Sep 17, 2015
• Forensic Analysis: Creating User GUI vs CLI Jan 8, 2015
• Network Forensics Challenge 1 Dec 5, 2013
• Disable Automount for SIFT Feb 22, 2013
• الجزء السابع من محاضرات HTID Jan 22, 2013
• شرلوك هولمز الرقمي Jan 4, 2013