01 VMware Memory Forensics - Don't Miss This Important Detail! (41.31 MB) 02 Old School MS-DOS Commands for DFIR (93.62 MB) 03 Detecting PsExec Usage (70.7 MB) 04 A File's Life - File Deletion and Recovery (2) (223.45 MB) 05 Two Thumbs Up - Thumbnail Forensics (2) (55.48 MB) 06 Interview with Lesley Carhart (hacks4pancakes) (217.85 MB) 07 It's About Time - Timestamp Changes in Windows 11 (43.72 MB) 08 Digital Forensics Training You Can Actually Afford! (54.18 MB) 09 EZ Tools Manuals Interview with Andrew Rathbun (258.27 MB) 10 A New Program Execution Artifact - Windows 11 22H2 Update! (61.49 MB) 11 The Dissect Effect - An Open Source IR Framework (67.18 MB) 12 Let's Talk About MUICache (84.19 MB) 13 Impacket Impediments - Finding Evil in Event Logs (167.4 MB) 14 What's on My DFIR Box (64.1 MB) 15 MemProcFS - This Changes Everything (94.62 MB) 16 Anatomy of an NTFS FILE Record - Windows File System Forensics (78.82 MB) 17 The Case of the Disappearing Scheduled Task (46.04 MB) 18 Windows Hibernation Files - A Look Back in Time (57.74 MB) 19 Let's Talk About NTFS Index Attributes (51.78 MB) 20 Puzzling RDP Cache - Putting the Pieces Together (41.31 MB) 21 Detecting NTDS DIT Theft - ESENT Event Logs (47.91 MB) 22 EventTranscript db Deep Dive - New Windows Forensic Artifact! (235.15 MB) 23 Event Log Chainsaw Massacre - Powerful Threat Detection (81.81 MB) 24 User Access Logging (UAL) Forensics (2) (77.93 MB) 25 RDP Hashes - Event ID 1029 Explained (2) (33.6 MB) 26 Let's Talk About Shimcache - The Most Misunderstood Artifact (2) (81.96 MB) 27 Introduction to MFTECmd - NTFS MFT and Journal Forensics (80.1 MB) 28 Dumping Processes with Volatility 3 (32.75 MB) 29 The ABCs of WMI - Finding Evil in Plain Sight (61.31 MB) 30 Profiling Network Activity with Volatility 3 - GeoIP from Memory (46.03 MB) 31 Hashcat for Forensics - How Did They Get In (63.71 MB) 32 Plaso and WSL 2 - The WSL Adventures Continue (102.13 MB) 33 Volatility 3 and WSL 2 - Linux DFIR Tools in Windows (79.35 MB) 34 Getting Started with Plaso and Log2Timeline - Forensic Timeline Creation (215.74 MB) 35 Introduction to Cyber Triage - Fast Forensics for Incident Response (49.74 MB) 36 Linux Memory Forensics - Memory Capture and Analysis (38.46 MB) 37 What's In DS Store for You - macOS Forensics (64.75 MB) 38 Prefetch Deep Dive (160.18 MB) 39 Introduction to iLEAPP - iOS Forensics Made Easy (2) (89.22 MB) 40 Mini Memory CTF - A Memory Forensics Challenge (6.1 MB) 41 Extracting Prefetch from Memory (43.32 MB) 42 CVEs in Windows Event Logs What You Need to Know (27.34 MB) 43 Email Header Analysis and Forensic Investigation (106.22 MB) 44 Introduction to Kansa - PowerShell-based Incident Response (82.82 MB) 45 First Look at Volatility 3 Public Beta (53.93 MB) 46 Finding Evil with YARA (52.48 MB) 47 Linux Forensics! First Look at usbrip (34.17 MB) 48 Memory Forensics Baselines (44 MB) 49 Introduction to Arsenal Image Mounter (56.87 MB) 50 NTFS Journal Forensics (94.25 MB) 51 Introduction to EvtxECmd (77.81 MB) 52 First Look at Windows Terminal (18.34 MB) 53 Detecting Persistence in Memory (21.05 MB) 54 DFIR Home Labs - Storage Review (42.03 MB) 55 Mounting VHD VHDX Images in Linux (7.99 MB) 56 The Volume Shadow Knows (38.81 MB) 57 Free Tools From Magnet Forensics (13.44 MB) 58 DFIR Home Labs (63.06 MB) 59 EventFinder2 Demo (13.58 MB) 60 Introduction to KAPE (2) (57.23 MB) 61 Your Signature Is a JAR (16.74 MB) 62 Visual Analysis with ProcDOT (121.75 MB) 63 Forensics with fls, Volatility and Timeline Explorer - ft 13cubed (105.84 MB) 64 Pulling Threads (86.18 MB) 65 Triage Image Creation (59.87 MB) 66 Juicy PDFs (18.42 MB) 67 Cooking with CyberChef (63.5 MB) 68 Payload Distribution Format (25.78 MB) 69 Persistence Mechanisms (2) (52.51 MB) 70 Secret Office 365 Activities API (47.59 MB) 71 RDP Event Log Forensics (44.55 MB) 72 Some Assembly Required (77.77 MB) 73 Windows Process Genealogy - Update (39.67 MB) 74 Windows Process Genealogy (104.46 MB) 75 Event Log Forensics with Log Parser (80.43 MB) 76 Introduction to USB Detective (91.78 MB) 77 Volatility Profiles and Windows 10 (41.18 MB) 78 RDP Cache Forensics (34.55 MB) 79 Recycle Bin Forensics (28.64 MB) 80 ShellBag Forensics (53.53 MB) 81 Introduction to Plaso Heimdall (199.94 MB) 82 LNK Files and Jump Lists (142.76 MB) 83 Introduction to Redline - Update (16.49 MB) 84 Introduction to Redline (135.63 MB) 85 Windows NTFS Index Attributes ($I30 Files) (85.31 MB) 86 Windows Memory Analysis (185.56 MB) 87 Windows MACB Timestamps (NTFS Forensics) (172.14 MB) 88 Windows SRUM Forensics (162 MB) 89 Windows Application Compatibility Forensics (94.56 MB) 90 Introduction to Windows Forensics (400.98 MB) 91 Introduction to Memory Forensics (106.58 MB) 92 Browse Volume Shadow Copies on a Live Windows System (23.83 MB) 93 Windows Incident Response Practice Lab (24.93 MB) 94 Parse Email Headers and Files for GeoIP Location Data (18.8 MB)