Unfurl v2025.03 adds new features, including parsing Google Search's UDM parameter, support for Mastodon forks (like Truth Social), and a utility parser to "clean up" inputs.| dfir.blog
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
Unfurl v2025.02 adds parsing of obfuscated IP addresses, more Bluesky timestamps, and more!
I watch Netflix's Carry-On, notice a real Google Search URL on screen, extract lots of data points from it and "authenticate" the screenshot.
The talk "What Can DFIQ Do For You?" that Jon Brown and I gave at the SANS DFIR Summit 2023 has been posted on YouTube!
Unfurl v2023.09 adds parsing for JWTs, URLs with encoded DoH (DNS over HTTPS) requests, and more Mastodon servers.
This "social media edition" Unfurl release includes parsing Twitter sharing codes, timestamps from Mastodon and LinkedIn IDs, expanding Substack redirects, & more!
Unfurl v2022.02 adds parsing for Google Search's aqs parameter, integrates MISP "warninglists", adds 3x more shortlink expansions, and more!
Hindsight v2021.12 adds parsing of more preference items, site settings (including HSTS records), Session Storage, and more!
To support stronger security for Chrome, some network-related files - including the Cookies database - are moving locations on disk.
A new Unfurl release is here! v2021.06.15 adds decoding of some Metasploit URLs, hash identification and API lookups, more control over remote lookups, better UUID parsing, and a few more shortlink expansions. It also has a number of smaller fixes, code cleanups, and tests.
I'm happy to announce there is a new Hindsight release available! 2021.04.26 has many small improvements and fixes, including adding support for Chrome 88 - 90, but the main new features are an Unfurl plugin and parsing of the Site Characteristics Database! Unfurl Plugin I'm excited that this new
I take saved keystrokes from Chrome's Omnibox and graph them in a Sankey flow diagram.
Latest Hindsight version (2021.01.16) brings exciting new features: improved LevelDB parsing (including deleted!), viewing Hindsight results in the web UI, and more!
A look back at a year of tweeting every day about DFIR topics - including a recap of the most popular tweets, coverage trends, and what's next in 2021.
There's a new database added in Chrome 86, dedicated to tracking media playback. Here's a first look at its contents!
My talk "Extract and Visualize Data from URLs using Unfurl" at the SANS DFIR Summit 2020 has been posted on YouTube! I had a great time presenting at the first ever virtual DFIR Summit (yay 2020). Check out the video below and give Unfurl a try!
I tinker with TikTok - and find a timestamp embedded in video URLs!