Twitter | Search | |
David Cowen
SANS Certified Instructor, Expert Witness, Hacking Exposed Computer Forensics author and Blog author
5,536
Tweets
1,056
Following
10,878
Followers
Tweets
David Cowen 9h
Hey Check out this weeks Sunday Funday challenge all about Windows Server Execution Artifacts! Win a $100 Amazon Giftcard!
Reply Retweet Like
David Cowen Oct 12
Replying to @CdtDelta
Not tonight!
Reply Retweet Like
David Cowen Oct 12
Hey live in a few minutes the test kitchen! You can watch it here Tonight deleting files and testing how the objectid index is changed
Reply Retweet Like
David Cowen Oct 12
Now this has to happen
Reply Retweet Like
David Cowen retweeted
Hideaki Ihara Oct 12
Reply Retweet Like
David Cowen Oct 12
Replying to @gmdgeek
Awesome! You'll learn alot and I know there will be people waiting to watch you who want to learn the same things.
Reply Retweet Like
David Cowen Oct 11
Replying to @gmdgeek
Tomorrow night!
Reply Retweet Like
David Cowen Oct 11
Replying to @jtsylve
They are appreciated and enjoyed DR
Reply Retweet Like
David Cowen Oct 11
Hey and , If you don't have time to watch the test kitchen I summarize what we learned on the blog each night. You can find out what we learned this evening about objectids and network shares here
Reply Retweet Like
David Cowen Oct 11
Hey ! Live in a few minutes, the test kitchen! Tonight looking to see if objectids are created across network shares and what happens to objectids after deletions and wiping
Reply Retweet Like
David Cowen Oct 11
Replying to @JamesHabben
Ssh you'll scare it away
Reply Retweet Like
David Cowen retweeted
LimaCharlie Oct 11
This isn't your grandma's EDR. Get endpoint visibility and control in less than 15 clicks. Watch this short video to see how easy it is. Video:
Reply Retweet Like
David Cowen Oct 11
Replying to @JPoForenso
We stopped after an alpha of 3, we've been using xways for it lately
Reply Retweet Like
David Cowen Oct 10
Replying to @errno_fail
Well that was an interesting night of testing, most of which was me learning more about yarp library and making bad rushed code. But in the end it worked and we got new facts!
Reply Retweet Like
David Cowen Oct 10
Hey I'm going live in a few minutes for more registry transaction logs testing! more watch here
Reply Retweet Like
David Cowen Oct 10
Replying to @LitMoose
I recommend just setting an hour a night aside for dfir research, the time in-between sessions allows for more critical thinking to solve the harder problems
Reply Retweet Like
David Cowen retweeted
Arsenal Recon Oct 10
Registry Recon v2.2.2.0065 Beta launched, with improvements to Bookmarks & mounting/dismounting forensic images. Check out this screenshot (from & 's Magnet CTF) to see some core Registry Recon concepts!
Reply Retweet Like
David Cowen Oct 10
Replying to @jtsylve @B1N2H3X and 15 others
Same
Reply Retweet Like
David Cowen Oct 9
The test kitchen is going live in a minute tune in for some registry transaction log testing with the TypedPaths key
Reply Retweet Like
David Cowen Oct 9
Replying to @errno_fail
Nice!
Reply Retweet Like