Following on from the previous [DFIR TOOLS] posts. First lets see what JumpLists are? Jump Lists are a feature in Microsoft Windows that provide quick access to recently used files, tasks, and specific actions associated with a particular application or program. They were introduced in Windows 7 and have been present in subsequent versions of…
Tag: ericzimmerman
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2023/01/1-1.png?fit=850%2C533&ssl=1)
[DFIR TOOLS] Hasher, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. Hasher is a software application developed by Eric Zimmerman that is used to calculate and compare the hash values of files. A hash value is a unique code that is generated based on the contents of a file. By comparing the hash values of two files, it…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image-19.png?fit=822%2C684&ssl=1)
[DFIR TOOLS] bstrings, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts. [DFIR TOOLS] Timeline Explorer, what is it & how to use! [DFIR TOOLS] AmcacheParser, what is it & how to use [DFIR TOOLS] AppCompatCacheParser, what is it & how to use! This time I will speak about bstrings again from the Eric Zimmerman suite. We will start with…
![](https://i0.wp.com/thesecuritynoob.com/wp-content/uploads/2022/09/image-5.png?fit=850%2C488&ssl=1)
[DFIR TOOLS] AmcacheParser, what is it & how to use!
Following on from the previous [DFIR TOOLS] posts below, this time I will speak about AmcacheParser again from the Eric Zimmerman suite. [DFIR TOOLS] Timeline Explorer, what is it & how to use! We will start with Erics description on its purpose:- “Amcache.hve parser with lots of extra features. Handles locked files” But what is…