archives

The Sleuth Kit

This tag is associated with 4 posts

Following The RTM: Forensic Examination Of A Computer Infected With A Banking Trojan

by Oleg Skulkin  Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the trojan have been sent to potential victims with admirable persistence. From September to December 2018 the RTM group sent out more than 11,000 malicious emails. The cybercriminals, however, are not going to stop … Continue reading

Autopsy 3: Windows-based, Easy to Use, and Free

If you are like many digital investigators, you’ve heard about the Autopsy™ digital forensics tool and associate it with a course that used Linux to analyze a device.  Or, maybe you associate it with a book that made references to the Linux/OS X tool, but it wasn’t applicable to you at the time because you … Continue reading

Digital Forensics on a (less than) shoestring budget – Part 2

by Ken Pryor In my last post, I talked about the various ways one can find training resources to assist in getting started in the field of digital forensics. In this post, I will go over some of the free and low cost software you can use and related information. A few years ago when … Continue reading

Description of the FAT fsstat Output

First published May 2005 by Brian Carrier reproduced with permission from The Sleuth Kit Informer, Issue 18 Overview The output of many TSK tools is relatively easy to understand because each tool has a specific focus. For example, the outut of fls is a list of file names and corresponding inode addresses. There are two … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,225 other followers