Category: DFIR Tools

[DFIR TOOLS] JLECmd, what is it & how to use!

Posted on

Following on from the previous [DFIR TOOLS] posts. First lets see what JumpLists are? Jump Lists are a feature in Microsoft Windows that provide quick access to recently used files, tasks, and specific actions associated with a particular application or program. They were introduced in Windows 7 and have been present in subsequent versions of…

Read More

[DFIR TOOLS] Hasher, what is it & how to use!

Posted on

Following on from the previous [DFIR TOOLS] posts. Hasher is a software application developed by Eric Zimmerman that is used to calculate and compare the hash values of files. A hash value is a unique code that is generated based on the contents of a file. By comparing the hash values of two files, it…

Read More

[DFIR TOOLS] EvtxECmd, what is it & how to use!

Posted on

Following on from the previous [DFIR TOOLS] posts. This time we we are going to talk about one of my favourite tools EvtxECmd. So, what does Mr Zimmerman say about it:- But it is way more than just that, coupled with ‘Timeline Explorer’ it is a ridiculously powerful tool. Before I get into it there…

Read More

[DFIR TOOLS] bstrings, what is it & how to use!

Posted on

Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use [DFIR TOOLS] AppCompatCacheParser, what is it & how to use! This time I will speak about bstrings again from the Eric Zimmerman suite. We will start with…

Read More

[DFIR TOOLS] AmcacheParser, what is it & how to use!

Posted on

Following on from the previous [DFIR TOOLS] posts below, this time I will speak about AmcacheParser again from the Eric Zimmerman suite. [DFIR TOOLS] Timeline Explorer, what is it & how to use! We will start with Erics description on its purpose:- “Amcache.hve parser with lots of extra features. Handles locked files” But what is…

Read More