
How to use Partition%4DiagnosticParser
In this post, Dimitrios presents how to use his Partition%4DiagnosticParser to automatically extract all the available VSNs that reside in "Microsoft-Windows-Partition%4Diagnostic.evtx".
This time we shall see how we can utilize Windows event logs to locate the VSN of a desired removable device and determine if and when it changes.
This time I searched for artifacts that can help us determine if and when a user has logged in to her Google Account using the Google Chrome browser. Check this out.
Has the user logged in, or not? How sure can we be, when we examine Google Chrome and we want to answer this question? Dive in to find out.
This is the second part of Dropbox forensics, and in this post we will see what artifacts remain after using Mozilla Firefox and Google Chrome to access this cloud service.
This post is all about Dropbox and the artifacts it may leave in a Windows 10 machine.
In this post we will dive into the artifacts that remain on a Windows 10 machine after using Google Drive via Mozilla Firefox and Google Chrome.
My first post on this blog is about a favorite DFIR topic, Cloud Forensics. This research was made to explore Google Drive's native app and its artifacts on a Windows 10 machine.