Category Archives: Incident Response

Disk Access in Python with libtsk (by HECF Blog)

If you have ever been looking for a way to access your computer disk without having to deal with user permissions and constrains the operating system enforces then this is the series to read. David Cowen is working on an excellent series called “Automating DFIR” (Digital Forensics Incident Response) on his blog “Hacking Exposed Computer

Read More

Kerberos service password reset script available from Microsoft

Microsoft blog has posted a link to PowerShell script for resetting the password to the Kerberos krbtgt service on active directory to deal with the golden ticket issue. Just make sure the password gets changed twice. Post: PowerShell Script: Here’s a script to the Kerberos Golden Ticket Check script from Microsoft to help

Read More

New version of ShadowKit v1.7 Released!

I’ve made a few changes to ShadowKit to address feedback from users! (I know, finally) The changes that have been made are (changelog): *Exporting no longer uses numeric folders (0,1,2,x). Files are exported directly to the folder you have chosen for the exported files. *Fixed the Export Complete Dialogue so that it is now always

Read More