Over the years, every now and then I've taken a look around to try to see where RegRipper is used. I noticed early on that it's included in several security-oriented Linux distros. So, I took the opportunity to compile some of the links I'd found, … [Continue Reading]
On Writing DFIR Books, pt II
Part I of this series kicked things off for us, and honestly I have no idea how long this series will be...I'm just writing the posts without a specific plan or outline for the series. In this case, I opted to take an organic approach, and wanted to … [Continue Reading]
Tips for DFIR Analysts, pt II
On the heels of my first post with this subject, I thought I'd continue adding tips as they came to mind...I've been engaged with EDR frameworks for some time now. I first became aware of Carbon Black before it was "version 1.0", and before … [Continue Reading]