How to use Partition%4DiagnosticParser
In this post, Dimitrios presents how someone can use his Partition%4DiagnosticParser, in order to automatically extract all the available VSNs that reside in "Microsoft-Windows-Partition%4Diagnostic.evtx".
Read MoreHow to use Partition%4DiagnosticParser
Are you sure you extract all the available Volume Serial Numbers (VSNs) that reside in the Windows 10 Event Log “Microsoft-Windows-Partition%4Diagnostic.evtx”?
This time we shall see, how we can utilize windows' event logs in order to locate the VSN of a desired removable device and determine if it changes and when.
Has the user logged into this account, or not? (Google Chrome’s Web Data-Part 2)
This time I searched for artifacts that can help us determine if and when a user has logged in to her Google Account, using Google Chrome browser. Check this out.
Has the user logged into this account, or not? (Google Chrome’s Login Data-Part 1)
Has the user logged in, or not? How sure can we be, when we examine Google Chrome and we want to answer this question? Dive in to find out.
Artifacts of Dropbox Usage on Windows 10 (Part 2)
Second part of Dropbox forensics and in this post we will see what artifacts remain after using Mozilla Firefox and Google Chrome to access this cloud service.
Artifacts of Dropbox Usage on Windows 10 (Part 1)
This post is all about Dropbox and the artifacts it may leave in a Windows 10 machine.
Artifacts of Google Drive Usage on Windows 10 (Part 2)
In this post we will dive into the artifacts that remain on a Windows 10 machine after using Google Drive via Mozilla Firefox and Google Chrome
Artifacts of Google Drive Usage on Windows 10 (Part 1)
My first post on this blog is about a favorite DFIR topic, Cloud Forensics. This research was made to explore Google Drive's native app and its artifacts on a Windows 10 machine.