Windows Resilient File System Forensics

Ken Mizota

In the fall of 2012, Microsoft made Windows Server 2012 generally available with a quietly announced feature: Resilient File System (ReFS). Of course, Microsoft does not roll out new file systems casually, and when they do, the ripple effects are generally felt slowly. NTFS has been generally available since Windows NT 3.1, released in 1993. If one runs a data center of any size, swapping out the underlying file system of critical or precious data is not a decision taken lightly. In large part, this justifies a general complacence in our field of digital forensics tools when considering how to deal with this new file system. Today, ReFS is a rare bird: investigators just don’t see it very often. We think that is going to begin to change later this year.

Volatility Reporting Plugin for EnCase Forensic v7

Guidance Software

As most investigators know, volatile memory contains valuable information about the runtime state of the system, registry keys, network connections in memory and much more. One of the most popular tools to handle memory analysis is Volatility, an open source tool created by Volatile Systems.

EnCase App Central - Destined To Be A Game Changer

Chet Hosmer

We are all painfully aware that criminals share their secrets, exploits and even technology. Those investigating cybercrime, attempting to pre-empt dangerous criminals, or finding new ways to rapidly clear cases must be on equal footing.

Whether on the desktop, server, smart mobile device, cloud or on a network, investigating cybercrime requires a combination of exceptional tools along with expert knowledge. One of the unique elements of investigating cybercrime efficiently is that you need expertise in both computer science and social science. Unfortunately, there has not been a solid methodology to bring this cross domain expertise to fruition. It is vital that we close this gap and create a greater overlap between these domains.

C-TAK by WetStone

Guidance Software

Unveiling cyber threats that can impact investigations

Many cyber investigations require a comprehensive understanding of any cyber threats or malware infestation that may impact examinations. The impacts to criminal investigations, civil litigation, human resource actions and incident response engagements can be serious, depending upon the specific threats or malware discovered.

Examining Mac OS X User & System Keychains

Simon Key


To forensic examiners with little or no knowledge of Mac OS X, the concept of a Mac OS X keychain may be an alien one. This article aims to provide an overview of the following with regards to Mac OS X keychains –