mac_int: Automating the Forensic Review Process with Data Interpretation

Many of you may be familiar with Yogesh Khatri's revolutionary digital forensics tool, mac_apt. His tool does wonders by parsing macOS image files and outputting valuable artifact data. However, it is very easy for your forensic answers to be lost in the vast amount of information mac_apt provides. A small team, comprised of Zach Burnham... Continue Reading →

Instagram Forensics - Windows App Store

Instagram is a very popular social media application that allows its users to interact through uploaded photos, videos, and direct messages/chat threads. Used by 1/3 of mobile phone users in the world according to Pew Research Center, there is a potential for Instagram to be relevant in some digital forensic cases. The following are highlighted findings... Continue Reading →

Needle in the Haystack - DF MISCONCEPTIONS PART 1

We are all aware that Digital Forensics, like most other fields, has many misconceptions ingrained in its daily work. The immense separation between the technical knowledge and the general public creates an overwhelming disconnect that I believe should be worked on. With the hopes of closing this separation, here is a quick answer to a common... Continue Reading →

DFS #9: What files were recently accessed?

Digital forensic investigators are typically hired to uncover what happened on a digital device. Regardless of what the device is (mobile phone, laptop, server, etc.), they will do their best to produce a narrative of past system events. This narrative is often nothing more than an explained timeline of the system. To achieve this, investigators... Continue Reading →

Mac HFS+ System.log Parser

While working on a recent Mac project, I wrote this script that parses the contents of an HFS+ 'system.log' file. The script will take in the provided log file and output an organized database file. Although the newer APFS file system now utilizes unified logging, I figured I would publish this very simple script in... Continue Reading →

DFS #7 Is Anti-Forensics Legal?

We live in a digital world where almost everything we do is being monitored by technology. Our locations are being tracked by our mobile devices, CCTV security cameras are on almost every building, and even our banking is mostly done online. Most people, including myself, are concerned with how much of our personal lives is out... Continue Reading →

Microsoft HxStore.hxd (email) Research

Possible additional Windows Live Mail message location? Up until Windows 10, you could find email-related files with the extension ".EML". These files presented the opportunity for email forensics. Once the new iteration of the Windows OS came about, it started storing files in alternative ways. It was found that a user's Windows Live Mail (I'll... Continue Reading →
