The Forensic Lunch!
The 1 hour, usually, videocast/podcast that brings you the latest in new DFIR research, topics and people.
This week's guests:
Hal Pomeranz, @hal_pomeranz, of Deer Run Associates, talking about updates to his Linux Memory Grabber and some research into bash_history behavior.
You can get the Linux Memory Grabber he discussed here: https://github.com/halpomeranz/lmg
Hal can be reached at hal@deer-run.com
Eric Zimmerman, @EricRZimmerman, of Kroll's cyber security practice, talking about prefetch and explaining his tool to get more, as well as what's new in Windows 10 prefetch.
You can get Eric's prefetch parser here: https://github.com/EricZimmerman/Prefetch
http://www.kroll.com/en-us/who-we-are/kroll-experts/eric-zimmerman
Matthew and I showing how to use the HFS+ Journal Parser and what to do with it.
You can get the HFS+ Journal Parser here: https://www.gettriforce.com/product/hfs-journal-parser/
The first new lunch of the new year with:
Sarah Holmes of the Foreman project (Open Source DFIR Matter Management). You can get a copy of (and contribute to!) Foreman here:
https://bitbucket.org/lowmanio/foreman/
You can contact Sarah here: sarah@lowmanio.co.uk
Michael Robinson of the Black T-Shirt Cyber Forensics Challenge talking about, well, the Black T-Shirt Cyber Forensics Challenge.
You can join the Black T-Shirt Cyber Forensics Challenge here:
http://cyberforensicschallenge.com/
You can contact them at cyberforensicschallenge@gmail.com
Our FSEvents tool will be released just as soon as we write documentation for it. Want an early release for testing? Email me at dcowen@g-cpartners.com