Introducing AboutDFIR’s MFT Explorer/MFTECmd Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used MFT Explorer/MFTECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The MFT Explorer/MFTECmd Guide comes on the heels of the previous guides I put together recently: KAPE, Timeline Explorer, and Registry Explorer/RECmd. All guides,…

Introducing AboutDFIR’s Registry Explorer/RECmd Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Registry Explorer/RECmd before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The Registry Explorer/RECmd Guide comes on the heels of the previous guides I put together recently: KAPE and Timeline Explorer. All guides, current…

Introducing AboutDFIR’s Timeline Explorer Guide

Greetings everyone! I’ve been working on a detailed guide geared towards LE/Private Sector examiners who’ve never used Timeline Explorer before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. This guide for Timeline Explorer comes on the heels of last month's release of the KAPE Guide. It can also be currently located in…

Introducing AboutDFIR’s KAPE Guide

Greetings everyone! I've been working on a detailed guide geared towards LE/Private Sector examiners who've never used KAPE before as well as anyone looking to learn what the tool is all about. Learning a new tool is intimidating and can be frustrating, but hopefully this guide will make things easier. The guide can be found here. It can also be currently located in the site's recently redesigned menu via Tools & Artifacts -> Tools ->…

DFIR Without Certs – What Books Can Help You

This has been an absolute long time coming from me, I think! The reason for this is during the crazy times we currently live in here in 2020, this is probably something I should have worked on much earlier to give folks a bit of a leg up on some reading material. Coming full circle, I feel this is something that really needs to be updated within our field. One of the few places where…

Jailbreaking – Checkra1n Configuration

In this installment, I felt that I should discuss how to use Checkra1n, and how to actually get into the device via 2 methods: localhost (tethered) and WiFi (untethered). This is not a blog to discuss how Checkra1n is doing, what it is doing, or what Checkm8 is doing prior to the device booting. Additionally, you do this at your own risk. Just because it works on one device does not mean it'll work on…

Pattern of Life – Tracking Through Mobile Applications

So getting back into blogging finally! Thanks for hanging in there with me. Unlike my last posts, time to roll up the sleeves and try to make this community better from a technical perspective. To do that, I've decided to look at individual applications from iOS (first) so I can see what we are looking at. This is most important to me, because as we all know, our tools will lie to us if we…