When I was pretty fresh in the field of digital forensics, I picked this new thing called Google Chrome to dig into. There weren't a lot of tools out there that could parse it and I thought learning about browser history would be a useful skill for me. I started| dfir.blog
The talk "What Can DFIQ Do For You?" that Jon Brown and I gave at the SANS DFIR Summit 2023 has been posted on YouTube!| dfir.blog
Unfurl v2023.09 adds parsing for JWTs, URLs with encoded DoH (DNS over HTTPS) requests, and more Mastodon servers.| dfir.blog
Unfurl v2022.02 adds parsing for Google Search's aqs parameter, integrates MISP "warninglists", adds 3x more shortlink expansions, and more!| dfir.blog
Hindsight v2021.12 adds parsing of more preference items, site settings (including HSTS records), Session Storage, and more!| dfir.blog
A new Unfurl release is here! v2021.06.15 adds decoding of some Metasploit URLs, hash identification and API lookups, more control over remote lookups, better UUID parsing, and a few more shortlink expansions. It also has a number of smaller fixes, code cleanups, and tests.| dfir.blog
I'm happy to announce there is a new Hindsight release available! 2021.04.26 has many small improvements and fixes, including adding support Chrome 88 - 90, but the main new features are an Unfurl plugin and parsing of the Site Characteristics Database! Unfurl Plugin I'm excited that this new| dfir.blog
I take saved keystrokes from Chrome's Omnibox and graph them in a Sankey flow diagram.| dfir.blog
Latest Hindsight version (2021.01.16) brings exciting new features: improved LevelDB parsing (including deleted!), viewing Hindsight results in the web UI, and more!| dfir.blog
I tinker with TikTok - and find a timestamp embedded in video URLs!| dfir.blog
