Another Forensics Blog

Digital Forensics and Incident Response Research,Python Scripts and Musings

Pages

▼

Friday, January 5, 2018

Mounting an APFS image in Linux

As a follow up to my post on how to mount AFPS images on Windows, I wanted to post about how to mount an APFS image on a Linux system. If y...

Monday, January 1, 2018

How to mount Mac APFS images in Windows

APFS is the new file system for Mac OS, and so far, many forensic suites are playing catch up as far as support goes. As such, workarounds m...

Monday, October 16, 2017

Finding and Decoding Malicious PowerShell Scripts

PowerShell. It's everywhere. I've started coming across more and more malicious PowerShell scripts. Why do attackers love us...

Friday, February 24, 2017

Onion Peeler: Batch Tor Lookup Program

Logs, Logs, Logs. I see, IPs. When reviewing log files for suspect activity it can be helpful to look up information related to IP addresses...

Monday, February 20, 2017

When Windows Lies

Wait, What? Windows lies? I believe so... I worked a case where I checked the Windows Install date and it was a couple days before we rece...

Wednesday, October 5, 2016

Quicklook thumbnails.data parser

Earlier this year at the request of a reader I wrote a tool to parse the Quicklook thumbnails index.sqlite file. This sqlite database sto...

View web version

About Me

Mari DeGrazia: I am a Cyber Security professional specializing in Digital Forensics and Incident Response. I also enjoy Raspberry Pi projects and playing poker. Follow me on twitter @maridegrazia. Opinions are my own and not the views of my employer.

View my complete profile

Powered by Blogger.