How to use Partition%4DiagnosticParser
Published Date: December 7, 2020
In this post, Dimitrios presents how someone can use his Partition%4DiagnosticParser, in order to automatically extract all the available VSNs that reside in "Microsoft-Windows-Partition%4Diagnostic.evtx".
Are you sure you extract all the available Volume Serial Numbers (VSNs) that reside in the Windows 10 Event Log “Microsoft-Windows-Partition%4Diagnostic.evtx”?
Published Date: December 2, 2020
This time we shall see, how we can utilize windows' event logs in order to locate the VSN of a desired removable device and determine if it changes and when.
Has the user logged into this account, or not? (Google Chrome’s Web Data-Part 2)
Published Date: September 26, 2020
This time I searched for artifacts that can help us determine if and when a user has logged in to her Google Account, using Google Chrome browser. Check this out.
Has the user logged into this account, or not? (Google Chrome’s Login Data-Part 1)
Published Date: September 15, 2020
Has the user logged in, or not? How sure can we be, when we examine Google Chrome and we want to answer this question? Dive in to find out.
Artifacts of Dropbox Usage on Windows 10 (Part 2)
Published Date: September 8, 2020
Second part of Dropbox forensics and in this post we will see what artifacts remain after using Mozilla Firefox and Google Chrome to access this cloud service.
Artifacts of Dropbox Usage on Windows 10 (Part 1)
Published Date: September 4, 2020
This post is all about Dropbox and the artifacts it may leave in a Windows 10 machine.
Artifacts of Google Drive Usage on Windows 10 (Part 2)
Published Date: September 3, 2020
In this post we will dive into the artifacts that remain on a Windows 10 machine after using Google Drive via Mozilla Firefox and Google Chrome
Artifacts of Google Drive Usage on Windows 10 (Part 1)
Published Date: August 28, 2020
My first post on this blog is about a favorite DFIR topic, Cloud Forensics. This research was made to explore Google Drive's native app and its artifacts on a Windows 10 machine.