Cobalt Strike Decoding
Introduction
Recent Posts
Handy DFIR Excel Formulas
Introduction
DFIR - Final result 1 - Powershell telemetry by Windows
TLDR Heaps of reddit posts and AV posts have discussed this command at length, with general users sometimes stating powershell.exe -ExecutionPolicy Restricte...
PowerShell Cheat Sheet
Introduction Script blocks i find myself using in powershell all the time
Negative Decimal DWORD to Human Format
Introduction This blog aims to ELI5, how negative numbers are stored in the Windows Registry, or any other DWORD for that matter. Why you may ask? Well, some...
DFIR Playbook - Windows Forensics(WIP APR21)
Introduction note this post is incomplete, Oct 2021, this is quite a large playbook to replicate This post aims to replicate my physical playbook on windows....
Mobile Phone Codes
Introduction This post aims to consolidate a list of useful smartphone codes
DFIR Playbook - Network Forensics
Introduction This post aims to replicate my physical playbook on Networking and includes the following tools
DFIR Playbook - Memory Analysis
Introduction This post aims to replicate my physical playbook on Memory Analysis and includes the following tools
Vmware VMDK mmls partition type
Update - 2022/04