Category Archives: Forensics

Disk Access in Python with libtsk (by HECF Blog)

If you have ever been looking for a way to access your computer disk without having to deal with the user permissions and constraints the operating system enforces, then this is the series to read. David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer


[SQLite] Analysing the Quicklook thumbnail database [MacOS]

When reviewing activity from a Mac OS X system there are a number of great artifacts to consider in your investigations. In this post I’m going to talk about the Quicklook database that stores metadata for thumbnails of files you view in the Mac Finder. When a Finder session renders that thumbnail it tracks the thumbnail information


New version of ShadowKit v1.7 Released!

I’ve made a few changes to ShadowKit to address feedback from users! (I know, finally) The changes that have been made are (changelog): *Exporting no longer uses numeric folders (0,1,2,x). Files are exported directly to the folder you have chosen for the exported files. *Fixed the Export Complete Dialogue so that it is now always
