Blog
Latest news on digital forensics and AI analysis
Windows 10/11 ShimCache `10ts`: the 1-byte trap that silently returns zero records
If your forensic pipeline parses AppCompatCache with a 3-byte 'sts' signature search, it returns zero records on every Windows 10 1607+ image. Here is the byte-layout mistake, the second mistake right next to it, and how to verify your own parser in five minutes.
Detecting Malware with YARA Rules: A Practical Guide
From the basics to advanced techniques of malware detection using YARA rules. Learn how to write rules, perform real-world pattern matching, and build automated threat detection pipelines.
The Complete Guide to Windows Artifact Collection: From Prefetch to USN Journal
A detailed look at the essential artifacts to collect in Windows digital forensics. Learn the location, structure, and forensic value of Prefetch, EventLog, Registry, $MFT, USN Journal, and more.
AI Forensics Analysis: A Beginner's Guide to Evidence-Centered AI in Digital Investigations
Explore how evidence-centered AI analysis is changing digital forensics. Compare traditional investigation methods, real-world use cases, and future outlook.