An aggregator for digital forensics blogs
Here is an update to my Python templates (binary and text files).
I’ll explain the updates to each template in upcoming blog posts.
python-templates_V0_0_2.zip (https)
MD5: 082812485D24AD0E3D12F1618BC44367
SHA256: 98DE8BEC508C7E678D294DD630466DA175524D4180C1E8C3A6C06EE11587981E
This update for translate.py, a tool to “Translate bytes according to a Python expression”, adds a new function for XOR multy-byte-key encoding/decoding.
translate_v2_5_7.zip (https)
MD5: 886C1B4C518EA58F972F87980994B976
SHA256: 01E4239E050DE4853AC53020CCE44C9804003A4A2C195974B5B16AEDD1B8E1B1
Based on a Twitter thread from 19 Feb 2020, during which Phill Moore made the request, I updated RegRipper to check for "dirty" hives, and provided a warning that RegRipper does NOT automatically process Registry transaction logs. This can be an … [Continue Reading]