Following on from the previous [DFIR TOOLS] posts. First, let's see what Jump Lists are. Jump Lists are a feature in Microsoft Windows that provide quick access to recently used files, tasks, and specific actions associated with a particular application or program. They were introduced in Windows 7 and have been present in subsequent versions of…
Category: DFIR Tools
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2023/01/1-1.png?fit=850%2C533&ssl=1)
[DFIR TOOLS] Hasher, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. Hasher is a software application developed by Eric Zimmerman that is used to calculate and compare the hash values of files. A hash value is a unique code that is generated based on the contents of a file. By comparing the hash values of two files, it…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/12/87684216-fe3d5e80-c74f-11ea-84ab-6b548ef42bf3.png?fit=821%2C292&ssl=1)
[DFIR TOOLS] EvtxECmd, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. This time we are going to talk about one of my favourite tools, EvtxECmd. So, what does Mr Zimmerman say about it:- But it is way more than just that; coupled with ‘Timeline Explorer’ it is a ridiculously powerful tool. Before I get into it there…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image-19.png?fit=822%2C684&ssl=1)
[DFIR TOOLS] bstrings, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use [DFIR TOOLS] AppCompatCacheParser, what is it & how to use! This time I will speak about bstrings, again from the Eric Zimmerman suite. We will start with…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image-17.png?fit=850%2C451&ssl=1)
[DFIR TOOLS] AppCompatCacheParser, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use This time I will speak about AppCompatCacheParser, again from the Eric Zimmerman suite. We will start with Eric's description of its purpose:- AppCompatCache aka ShimCache parser. Handles…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image-5.png?fit=850%2C488&ssl=1)
[DFIR TOOLS] AmcacheParser, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts below, this time I will speak about AmcacheParser, again from the Eric Zimmerman suite. [DFIR TOOLS] Timeline Explorer, what is it & how to use! We will start with Eric's description of its purpose:- “Amcache.hve parser with lots of extra features. Handles locked files” But what is…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image.png?fit=850%2C508&ssl=1)
[DFIR TOOLS] Timeline Explorer, what is it & how to use!
I am going to try something different for this post and the others I plan to write in this upcoming series of articles, because I plan to speak about different tools in ‘Digital Forensics & Incident Response’, starting with all the tools by Eric Zimmerman and then moving on to others. Partly this is for…