Following my talk on SQLite Forensics at the CEIC conference I want to share the scripts I wrote but did not get the opportunity to demo during the talk! I talked about using Python to export data from the Favicon database in the Chrome web browser, any SQLite database using Python. In this post I’m going
Category Archives: Forensics
Slides from my SQLite Forensics talk at #CEIC2014 have been posted. If you would like to download them you can get them here.
This is an updated post (cross-posted from my RRTX Blog!) about building AccessData’s FTK Toolkit filters outside of FTK. AccessData probably won’t like this since a bad filter can cause the client to crash if you build the filter wrong. So let’s build it with care. If you are someone familiar with FTK
Welcome to part two of Unleashing log file analysis. In the last post I talked about the power of using LogParser to transform your Windows Event Logs. In this post I want to talk about using LogParser to transform your IIS Logs! So a quick recap from Part 1 of why I think LogParser is
We all have to work with event logs on a regular basis. There are a lot of ways to tackle event logs and today I want to talk about using LogParser with Event logs. LogParser isn’t new, it’s been around for years but I haven’t heard of many people using it in their investigations. This is
Welcome reader, Friday I was interviewed on the Forensic Lunch about a utility I released this week called SQLiteDiver and the upcoming speech on SQLite Forensics I will be giving at the CEIC Conference. The talk will be on Tuesday, May 20th @ 8am. If you would like to hear more be sure to add my
Check out my interview on MetaDiver on the Forensic Lunch! I highly recommend that you check out past Forensic Lunch videos if you would like to learn more about forensics or you are just interested in keeping up with what is happening in the world of forensics!