Programming posts

Python tools for Windows forensics: Extracting a user’s Google Chrome history
 -  Web browsing data can tell an analyst a lot about what happened on a system before they got their hands on it. Here’s how to extract the history of the most popular browser – Google Chrome – with a new Python module for our forensics tool. What is the Chrome...
Raspberry Pi Home Hub: Building the news and weather screen
 -  Last month I introduced my new project for 2019 – building a Raspberry Pi Home Hub with Python. Now it’s time to start coding the modules to generate the information screens, starting with the latest news, weather, and Tube updates. How the news screen will work: As per the specifications...
SQL ALTER TABLE: Adding, modifying, and dropping columns in a SQL table
 -  It’s been a while since I’ve written anything new for the series documenting my SQL learning, so this week I’m going to explain the various ways you can add, modify, and drop columns in a table using the ALTER TABLE statement. Many SQL database management systems provide nice graphical interfaces...
Python tools for Windows forensics: Windows Security event log
 -  This month’s new module for the MCAS Windows Forensic Gatherer queries the Windows Security event log to gather information on the user’s logon and logoff activities, helping us to determine exactly when they were using the system. What is the Windows Security event log and how does it help our...
Raspberry Pi Home Hub: Project intro, requirements and objectives
 -  It’s a new year, and it’s time for a new project! Over the course of 2019 I’ll be building a Raspberry Pi Home Hub to display useful information like news, budget updates, energy usage, and more on a screen small enough to sit in the corner of my desk. I...
How to approach your morning routine like a software developer
 -  In the last few months I’ve cut more than 30 minutes from my morning routine, freeing up time to sleep a little longer. When I thought about how my mornings have changed, I realised I’ve naturally followed a process used by software developers. Don’t worry – this isn’t one of...
SQL JOINs: INNER JOIN, LEFT JOIN, RIGHT JOIN and FULL OUTER JOIN
 -  My next post on SQL takes a look at JOINs, which allow you to compare and merge two tables in various ways and determine the relationship between two sets of data. Here’s what INNER, LEFT, RIGHT, and FULL OUTER JOINs are and how to use them. Having gotten to grips...
Python tools for Windows forensics: Deleted files in the Recycle Bin
 -  In a previous post I began building a Python tool that gathers Windows forensic artefacts and parses them into a timeline. In that post I wrote a function that gathers Windows Prefetch application data – this time, let’s take a look at the Recycle Bin. What is the Recycle Bin...
Python tools for Windows forensics: Parsing Prefetch program data
 -  Bit by bit, I’m going to build a Python tool to scrape a Windows system disk image for common forensic artefacts and build a CSV timeline from the evidence gathered. In this first post, I’ll parse and add the data stored in Windows Prefetch files. On my recent SANS course...
Basic SQL queries: SELECT, FROM, WHERE and other operators
 -  I recently dipped my toe into the world of SQL for the first time and got my head around the basic operators and statements. Here’s a summary of how to construct basic queries. I’d had brushes with SQL before. Even when I was a journalist, I would do the occasional...
