Defcon DFIR CTF 2019 writeup - Triage VM

This year an unofficial Defcon DFIR CTF was provided by Champlain College‚Äôs Digital Forensic Association. They created challenges in 5 topics which are available for anyone for a little practice on this site: defcon2019.ctfd.io. The challenges are sorted into the following categories: DFA Crypto Challenge Deadbox Forensics Linux Forensics Memory Forensics Triage VM Questions I’m pretty new in forensics, started my journey approximately 9 months ago and have been doing it as an active hobby for 6 months now.
Read more

USB storage forensics in Win10 #1 - Events

Having information about USB devices connected to a system can be essential for some investigations and analyses. Most of the removable storages used nowadays are USB pen drives so knowing how to identify and investigate these is crucial. The main purpose of USB drive forensic analysis is to identify the connected devices and find some of the following information about it: connection and removal time, files copied to or from the device, opened and executed files and software from the attached drive.
Read more