An aggregator for digital forensics blogs
This new version of format-bytes brings support for TLV records.
Here is an example with certificates in the Windows registry:
More details will be provided in an upcoming blog post.
format-bytes_V0_0_9.zip (https)
MD5: 2F97370D12A7DBB53EB8B30AA0A40463
SHA256: 87C9F3120673C0E92C9562EC2687B60AA93DAF612CE854939E48F6E902BFBBB4
A reminder to myself, how to set a nslookup type via the command-line:
The label of the root domain is an empty string, hence a FQDN with root domain ends with a dot (.), like google.com. :
Quickpost info
Here is an overview of content I published in June:
Blog posts:
Update: sets.py Version 0.0.3 Quickpost: C Random Functions in Other Languages Update: virustotal-search.py Version 0.1.5 New Tool: amsiscan.pySANS ISC Diary entries:
Tip: BASE64 Encoded PowerShell Scripts are Recognizable by the Amount of Letter As Tip: Sysmon Will Log DNS Queries Sysmon Version 10: DNS LoggingNVISO blog posts:
Solving a CTF challenge: Exploiting a Buffer Overflow (video) Malicious SYLK Files with MS Excel 4.0 Macros