Author Archives: 13Cubed

Memory Forensics Baselines

September 16th, 2019 | πŸ•’

As a continuation of the “Introduction to Memory Forensics” series, this episode covers a trio of Volatility plugins that can


NTFS Journal Forensics

August 5th, 2019 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this episode covers file system journaling in NTFS. From a


Introduction to Windows Forensics

April 4th, 2019 | πŸ•’

An introduction to basic Windows forensics, covering topics including UserAssist, Shellbags, USB devices, network adapter information and Network Location Awareness


RDP Event Log Forensics

June 18th, 2018 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this episode takes a comprehensive look at the Windows event


RDP Cache Forensics

February 12th, 2018 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this video introduces Remote Desktop Protocol (RDP) Cache Forensics. Did


Recycle Bin Forensics

January 22nd, 2018 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this video introduces Recycle Bin Forensics. From Windows 95 to


Shellbag Forensics

January 1st, 2018 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this video introduces Shellbags. Have you ever customized the folder


Windows SRUM Forensics

August 5th, 2017 | πŸ•’

As a continuation of the “Introduction to Windows Forensics” series, this video introduces the System Resource Utilization Monitor (SRUM). This


Introduction to Memory Forensics

May 26th, 2017 | πŸ•’

An introduction to memory forensics and a sample exercise using Volatility 2.6 to analyze a Windows 10 image. #Forensics #DigitalForensics