Tootfinder

Colleague tried to upgrade his #forensics workstation from #Windows 10 to 11 today.
No forensic examination from him this week :-)
#dfir

My biggest issue with all the SBOM standards is the lack of a requirement to include hashes for each component/file, instead of just one big hash or signature. For forensic investigations or incident response, that level of detail is actually the most important aspect.
#sbom #dfir

ActivitiesCache.db FTW!!!
#dfir #infosec #DigitalForensics

when your #forensics workstations CPU is that hard under pressure that even the mp3-player stops working...
#dfir #digitalforensics