The Forensic Lunch!
The 1 hour, usually, videocast/podcast that brings you the latest in new DFIR research, topics and people.
This week's guests:
Hal Pomeranz, @hal_pomeranz, of Deer Run Associates, talking about updates to his Linux Memory Grabber and some research into bash_history behavior.
You can get the Linux Memory Grabber he discussed here: https://github.com/halpomeranz/lmg
Hal can be reached at hal@deer-run.com
Eric Zimmerman, @EricRZimmerman, of Kroll's cyber security practice, talking about prefetch and explaining his tool to get more, as well as what's new in Windows 10 prefetch.
You can get Eric's prefetch parser here: https://github.com/EricZimmerman/Prefetch
http://www.kroll.com/en-us/who-we-are/kroll-experts/eric-zimmerman
Matthew and I showing how to use the HFS+ Journal parser and what to do with it.
You can get the HFS+ Journal parser here: https://www.gettriforce.com/product/hfs-journal-parser/