Another Forensics Blog

Digital Forensics and Incident Response Research,Python Scripts and Musings

Pages

▼

Thursday, February 27, 2020

Detecting Lateral Movement with WinSCP

RDP is a common way for an attacker to move laterally within an environment. Forensically, when an attacker uses RDP we can use artifacts ...

Wednesday, August 21, 2019

Triage Collection and Timeline Generation with KAPE

As a follow up to my SANS webcast , I wanted to post detailed instructions on how to use KAPE to collect triage data and generate a mini-t...

Wednesday, June 13, 2018

Malicious PowerShell in the Registry: Persistence

This is the second part in my series on Finding and Decoding Malicious PowerShell Scripts. My first blog post walked through how to find ...

Friday, January 5, 2018

Mounting an APFS image in Linux

As a follow up to my post on how to mount AFPS images on Windows, I wanted to post about how to mount an APFS image on a Linux system. If y...

Monday, January 1, 2018

How to mount Mac APFS images in Windows

APFS is the new file system for Mac OS, and so far, many forensic suites are playing catch up as far as support goes. As such, workarounds m...

Monday, October 16, 2017

Finding and Decoding Malicious PowerShell Scripts

PowerShell. It's everywhere. I've started coming across more and more malicious PowerShell scripts. Why do attackers love us...

View web version

About Me

Mari DeGrazia: I am a Cyber Security professional specializing in Digital Forensics and Incident Response. I also enjoy Raspberry Pi projects and playing poker. Follow me on twitter @maridegrazia. Opinions are my own and not the views of my employer.

View my complete profile

Powered by Blogger.