Matthew Seyer: "Opcode And Task Enumeration. and shell items?" (Mar 19, 2019)
Continuing my momentum on my PyWindowsThingies (name to change one day) project. Today I add Task and Operation enumeration for ETW events…
Matthew Seyer: "Small Wins and Momentum" (Mar 18, 2019)
Last posting I expressed my desire to learn to do more in my DFIR play time due to having less play time. I am starting my journey into…
Matthew Seyer: "More DFIR With Less Time" (Mar 13, 2019)
If you haven’t noticed, there has been a lot of amazing DFIR contributions lately! Eric Zimmerman rocks the community once again with…
Matthew Seyer: "No run counts in UserAssist" (Jan 19, 2019)
I feel like a college student again! I missed the deadline to submit my answer for David Cowen’s HECF Sunday Funday challenge. However, I…
Matthew Seyer: "Windows Activity Cache in JSONL" (Sep 10, 2018)
As you know, I love putting my DFIR data into arangodb.
Matthew Seyer: "Prefetch, Rust, Python, Big Data… DFIR" (Mar 31, 2017)
January 1st… That's how long it's been since I last updated you with my latest happenings with Rust and DFIR. But, I’ve been busy! My first…
Matthew Seyer: "My Next Steps in Rust for DFIR" (Jan 2, 2017)
My last couple of posts have been on my journey learning Rust and showing some tidbits of common concepts a DFIR tool might incorporate…
Matthew Seyer: "Learning Rust pt. 4 — Binary Data, DateTimes, and UTF-16" (Dec 24, 2016)
It's time to parse some USN records! This continues on with my journey into learning Rust to create DFIR tools. We are looking into my first…
Matthew Seyer: "Learning Rust pt. 3 — Structures and Functions" (Dec 23, 2016)
Now we are getting to the good stuff! One of my favorite things about the DFIR community is the plethora of tools that are constantly being…
Matthew Seyer: "Learning Rust Pt. 2 — Command Line Arguments" (Dec 22, 2016)
Today we are looking at how to parse command line arguments! Something most tools will need to do, unless you get crazy and like to design…