David Cowen
SANS Certified Instructor, Expert Witness, Hacking Exposed Computer Forensics author and Blog author
6,039 Tweets | 975 Following | 11,957 Followers
Tweets
David Cowen retweeted
Russ McRee 16h
I feel coming on: Beagle is a tool which transforms data sources & logs into graphs. Supported sources include Windows EVTX files, SysMon logs & raw Windows memory images. Resulting graphs can be sent to graph DBs or kept locally. W8 4 it.
David Cowen 14h
Replying to @errno_fail
Fascinating, I'm going to have to read that two more times ... With coffee
David Cowen retweeted
Maxim Suhanov 23h
David Cowen retweeted
Hadar Yudovich 24h
Working on another blog post on , with some cool new Targets & Modules for 's KAPE. I challenged myself to solve the 2018 Unofficial DEFCON DFIR CTF (by & ) using only KAPE. Wish me luck.
David Cowen Mar 24
Replying to @darizotas
Thanks, I hope to see more entries from you in the future!
David Cowen retweeted
Darío Mar 23
Replying to @HECFBlog
Thanks! You are doing a great job for the DFIR community and encouraging people to try out. Move out from the comfort zone. Keep posting!
David Cowen Mar 23
Congratulations to for winning this week's Sunday Funday!
David Cowen Mar 22
In my speed test I'm getting 2mbs up from my hotel. Let's see if that's enough for a stream later!
David Cowen retweeted
Heather Mahalik Mar 21
There are still a few seats left in Orlando! Be the first to get the updated New labs, new material, new layout. Same cool vibe. ;)
David Cowen Mar 21
Many will enter, one will win
David Cowen retweeted
Phill Moore Mar 21
David Cowen Mar 19
Replying to @gmdgeek
Thanks for today's blogpost inspiration there's what I use
David Cowen retweeted
Hadar Yudovich Mar 19
I had some free time this weekend, so I started learning Mac OSX Forensics. Since learning something new never works smoothly for me, I learned about parsing plist files the hard way.
David Cowen Mar 18
You wouldn't want Elmo with you?
David Cowen retweeted
Ryan Benson Mar 15
New version of Hindsight is out (v2.3)! Highlights: 🔹Parses Chrome versions 1 - 73 🔹Search input paths and parse all found Profiles 🔹Parse LevelDB section of Local Storage Blog: Download🔻:
David Cowen Mar 12
Replying to @EricRZimmerman
Well that's not good
David Cowen retweeted
Arsenal Recon Mar 11
We're working hard to launch the next major version of Arsenal Image Mounter as soon as possible. Here's a screenshot of one-click launching virtual machines from three forensic images mentioned on the !
David Cowen Mar 11
Nice!
David Cowen Mar 11
It's very popular and quite applicable and well used. I looked at it for historical purposes in the past
David Cowen retweeted
Jean-Ph˙ ͜ʟ˙ppe Mar 11
Also, if you are investigating Windows < 10 you can also use bits parser to extract BITS jobs from QMGR queue