What started as an idea a month or two ago, has become a reality. Introducing The Evidence Locker , a compiled repository of publicly avai...

What started as an idea a month or two ago, has become a reality. Introducing The Evidence Locker , a compiled repository of publicly avai...

What's new in OneDriveExplorer OnedDriveExplorer v2025.11.07 now includes a dedicated parser for Microsoft.FilesOnDemand....

CyberPipe-Timeliner was developed in response to a colleague's query about integrating Magnet Response collections with ForensicTimeliner. This tool automates the workflow, transforming collection data into a unified forensic timeline. With features like date filtering and flexible input options, it streamlines the timeline generation process, making it efficient and user-friendly. #DFIR

Going forward I will be updating the title of the blogs to reflect just the month and not the specific day (it becomes hard to post on the 1...

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

I was asked to join my good friends Debbie, Jessica and Kim over at Hexordia for their Truth in Data podcast to talk one of my favorite to...

While I unfortunately couldn't attend the conference I did see that the BSides NYC CTF board was available still ( check here ). Christopher...

A common theme in digital forensics is putting the target behind the keyboard. One way to help this is around the use of passcodes and especially the use of biometrics. How can we determine though wha...

Mobile devices have become indispensable tools in the modern workplace, enabling more than just checking email. Employees now browse the web, access sensitive company data, and conduct daily business ...

What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

CyberPipe, developed for incident response, is a PowerShell script facilitating efficient digital evidence collection in enterprise settings. Recent updates include improved collection methods, capabilities like QuickTriage for faster artifact gathering, and enhanced reliability with advanced error handling. Version 5.2 aims to streamline operations while ensuring forensic integrity and transparency. #DFIR

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

I had the pleasure of taking part in a panel discussion for the Cyber Unpacked series with Magnet Forensics. What a great conversation with ...

A trick and a treat this week with a quiet milestone for cross-platform DFIR tooling — MalChelaGUI now runs seamlessly inside Windows through Ubuntu WSL2, with zero configuration required. #DFIR #MalwareAnalysis

We are excited to announce that the Volatility Plugin Contest is officially open for submissions! The annual Plugin Contest is your opportunity to: Directly contribute to the open source forensics …

At the beginning of this year, I started adding data from the offline databases into OneDrive Explorer. This data enhanced...

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity SecurityIn this session, Permiso’s CTO will cover:- How attackers moved from GitHub → AWS → Salesforce using stolen OAuth to…

Apple has hit the jump to light speed and jumped from iOS 18 to iOS 26! In this episode of Mobile Unpacked we’ll explore the new changes and challenges Apple’s yearly upgrade cycle is bringing to the ...

PancakesCon is this coming Sunday, the 21st of September (running into the 22nd for some of us!). It will start at 6AM Central US Time (Chicago), for a very good reason. No, I have not become a mor…