Profile cover photo
Profile photo
Learn Forensics with David Cowen
678 followers -
computer forensics blog videos tutorials help book learning
computer forensics blog videos tutorials help book learning

678 followers
About
Posts

Post has attachment
Daily Blog #536: USB 3.0 External Storage Drive Forensics: Changes in registry locations
Hello Reader,              Everything changes and we can never rest when it comes to testing and validating our forensic artifacts. This time the change has come to large external storage drives, such as the Seagate USB 3.0 drive I have next to me. If you'v...
Add a comment...

Post has attachment
Daily Blog #535: Sunday Funday 11/12/18
Hello Reader,            Another week for you to succeed! Every week the amount of submissions I get changes greatly so don't think that you can't win. You just have to submit what you think is your best submission and see what happens. This week we will co...
Add a comment...

Post has attachment
Daily Blog #534: Solution Saturday 11/10/18
Hello Reader,          Another week and another round of quality submissions. Once again Sandor Tokesi  has taken a win by including not just all of the file name and standard information attribute timestamps, he also tested cut and paste within a volume an...
Add a comment...

Post has attachment
Daily Blog #533: Windows Forensics DFIR InDepth proposed outline
Hello Reader,        I'm back in the United States for awhile and with that should signal a return of the test kitchen in coming nights. Until then I thought I post my current planned outline for the new book to be named Windows Forensics: DFIR InDepth. Wha...
Add a comment...

Post has attachment
Daily Blog #532: Why self publish?
Hello Reader, I'm sitting on another long flight heading back to Texas from dubai. Thanks and gratitude for all of my students this week who asked great questions and opened new research points I need to flush out in future testing. I thought since I don't ...
Add a comment...

Post has attachment
Daily Blog #531: DFIR In Depth: Windows Forensics
Hello Reader,          After an excellent suggestion yesterday, thanks Bobby Joe, I've decided to get book writing again. However this time I'm going to try to push out iterative updates as I complete it via LeanPub. My plan is to push out the first outline...
Add a comment...

Post has attachment
Daily Blog #530: Teaching SANS Windows Forensics in the USA
Hello Reader,              I think it's been a year since I've taught a public SANS FOR500 class in the USA. I'm happy to say I'll be teaching FOR500 Windows Forensics at the SANS CTI Summit in Arlington, VA January 23- 28, 2018. I'll also be there for the ...
Add a comment...

Post has attachment
Daily Blog #529: Human Bias and Shimcache
Hello Reader,          I've had the pleasure of teaching the SANS FOR500 Windows Forensics around the world the last couple of years. In that time I've been doing a bit of an experiment in each country and keeping track of where the students were from. For ...
Add a comment...

Post has attachment
Daily Blog #528: Sunday Funday 11/4/18
Hello Reader,            We had some great submissions last week so I'm hoping to keep the trend up with similar challenges! The Prize: $100 Amazon Giftcard The Rules: You must post your answer before Friday 11/9/18 7PM CST (GMT -5) The most complete answer...
Add a comment...

Post has attachment
Daily Blog #527: Solution Saturday 11/3/18
Hello Reader,              This week I got multiple qualifying submissions all of which answered the base challenge, meaning that it came down to the most complete answer. This week a new challenger arises victorious! Sandor Tokesi in his first submission h...
Add a comment...
Wait while more posts are being loaded