This month’s new module for the MCAS Windows Forensic Gatherer queries the Windows Security event log to gather information on the user’s logon and logoff activities, helping us to determine exactly when they were using the system.
It’s a new year, and it’s time for a new project! Over the course of 2019 I’ll be building a Raspberry Pi Home Hub to display useful information like news, budget updates, energy usage, and more on a screen small enough to sit in the corner of my desk.
In the last few months I’ve cut more than 30 minutes from my morning routine, freeing up time to sleep a little longer. When I thought about how my mornings have changed, I realised I’ve naturally followed a process used by software developers.
My next post on SQL takes a look at JOINs, which allow you to compare and merge two tables in various ways and determine the relationship between two sets of data. Here’s what INNER, LEFT, RIGHT, and FULL OUTER JOINs are and how to use them.
In a previous post I began building a Python tool that gathers Windows forensic artefacts and parses them into a timeline. In that post I wrote a function that gathers Windows Prefetch application data – this time, let’s take a look at the Recycle Bin.