Write-up: InfinityShell — Wild Wild Wolf
Cipher’s legion of bots has exploited a known vulnerability in our web application, leaving behind a dangerous web shell implant. Investigate the breach and trace the attacker's footsteps!| Wild Wild Wolf
ModeOne Technologies is proud to announce that CEO and Founder Matt Rasmussen will be speaking later this month at Southern Illinois University Simmons Law School’s eDiscovery class, where he’ll share insights on the future of digital forensics, mobile data collection, and innovation in legal technology. Matt’s presentation will explore how emerging technologies are transforming the […] The post ModeOne CEO Matt Rasmussen to Speak at Southern Illinois University Simmons Law School app...| ModeOne
Cipher’s legion of bots has exploited a known vulnerability in our web application, leaving behind a dangerous web shell implant. Investigate the breach and trace the attacker's footsteps!| Wild Wild Wolf
With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest.| securelist.com
ModeOne in the News | Published by The American Bar Association | Written by Matthew Rasmussen, CEO and Founder, ModeOne This article explores how investigative needs differ across legal contexts and why a “one-size-fits-all” approach to mobile data collection no longer works. Rasmussen explains how overcollection through full-device imaging can create unnecessary cost, privacy exposure, […] The post Mobile Data Collection in Criminal vs Civil Cases: Understanding the Differences and ...| ModeOne
Upgraded API enables seamless, automated transfer of smartphone data into Relativity for faster, more accurate and cost-effective review Overland Park, KS – Oct. 2, 2025 – ModeOne Technologies (ModeOne), the leader in remote smartphone data collection, announced the release of its enhanced API for Relativity Server and RelativityOne integration. The upgraded API delivers significant automation […]| ModeOne
Kaspersky experts share insights into how AmCache may prove useful during incident investigation, and provide a command line tool to extract data from this artifact.| securelist.com
Mobile devices are frequently the most important source of truth in legal proceedings, regulatory investigations, and internal audits. They include the context, metadata, and communications that can make or break a case. To gather mobile data, however, many legal and compliance teams continue to use conventional, face-to-face techniques, such as shipping devices, sending examiners, and […]| ModeOne
Intellectual property and trade secrets in the modern era are predominantly stored as electronic records, or electronically stored information (ESI), which in turn increases the potential for misappropriation, exfiltration, or theft of these sensitive documents to unauthorized parties or entities outside the company domain. Historically, these electronic records have been saved to hard drives, file […]| Ocean Tomo
On the latest EDRM Illumination Zone, HaystackID's Todd Tabor shared strategies for detecting deepfakes and global case insights. The post [Podcast] HaystackID® in the EDRM Illumination Zone: Todd Tabor, Senior Vice President of Forensics appeared first on HaystackID.| HaystackID
Explore key insights from the Summer 2025 eDiscovery Pricing Survey on forensic services — including hourly and per-device pricing for collections, examinations, and expert witness testimony — revealing market trends, standardization, and strategic value.| ComplexDiscovery
Overland Park, Kansas, August 25, 2025 – ModeOne Technologies (“ModeOne”), the pioneer in remote, same-day, targeted mobile data collections, today announced a joint initiative with Kuro Group (“Kuro”), an end-to-end eDiscovery service provider known for combining cutting-edge technology with highly personalized client service. Through this initiative, ModeOne and Kuro will align their core strengths—ModeOne’s patented […] The post Kuro Group Expands Client Offerings with Mode...| ModeOne
Cyber, legal, and forensics experts gathered at CTRL ALT Defend to rethink tools, tactics, and teamwork in today’s threat landscape.| HaystackID
In this FAQ, learn why ModeOne was built for secure, same-day, remote mobile data collection—and how we’re continuing to lead the way.| ModeOne
I'm happy to announce there is a new Hindsight release available! 2021.04.26 has many small improvements and fixes, including adding support Chrome 88 - 90, but the main new features are an Unfurl plugin and parsing of the Site Characteristics Database! Unfurl Plugin I'm excited that this new| dfir.blog
I take saved keystrokes from Chrome's Omnibox and graph them in a Sankey flow diagram.| dfir.blog
A look back at a year of tweeting every day about DFIR topics - including a recap of the most popular tweets, coverage trends, and what's next in 2021.| dfir.blog
There's a new database added in Chrome 86, dedicated to tracking media playback. Here's a first look at its contents!| dfir.blog
I tinker with TikTok - and find a timestamp embedded in video URLs!| dfir.blog
As i’m sure i’ve mentioned before, event logs are a great source of evidence when performing incident response. In particular, lateral movement can be one of the hardest things to ident…| Salt Forensics
Overview I recently attended the awesome SANS DFIR, Mac and iOS Forensics and Incident Response course with Sarah Edwards. This has obviously given me lots of great inspiration on how to negotiate …| Salt Forensics
Overview For those of us who don’t have access to those GrayKey boxes or Cellebrite services to acquire physical images of devices, we are generally reliant upon logical extractions of iOS due to l…| Salt Forensics
