Category Archives: coding

Disk Access in Python with libtsk (by HECF Blog)

If you have ever been looking for a way to access your computer disk without having to deal with user permissions and constrains the operating system enforces then this is the series to read. David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer

Read More

Kerberos service password reset script available from Microsoft

Microsoft blog has posted a link to PowerShell script for resetting the password to the Kerberos krbtgt service on active directory to deal with the golden ticket issue. Just make sure the password gets changed twice. Post: PowerShell Script: Here’s a script to the Kerberos Golden Ticket Check script from Microsoft to help

Read More

[SQLite] Analysing the Quicklook thumbnail database [MacOS]

When reviewing activity from a Mac OSX system there are a number of great artifacts to consider in your investigations. In this post I’m going to talk about the Quicklook database that stores metadata for thumbnails of files you view in the Mac Finder. When Finder session renders that thumbnail it tracks the thumbnail information

Read More