Chip_DFIR

I am Chip (Aka Dale) and I work in the DFIR arena for a large UK CERT. Happily married to my wife Colleen I enjoy rugby , F1 and anything computer related has always peaked my interest!

20 posts •

RSS

New Home For My Blog

Just a quick blog post for the reasoning behind moving my blog. There were several reasons for the move, the main one being the relocation to the techanarchy.net domain. The techanarchy blog

Full Story

Timestamp Anomalies - $MFT

Going through my SANS 508 material I decided to have a closer look at some of the material on the Master File Table ($MFT) in the NTFS file system and how the analysis

Full Story

Timeline Creation - Part 2 (Super Timeline)

As promised in my previous blog post I would be moving on to create a Super Timeline and my reasons for carrying this out after the filesystem timeline is purely down to the

Full Story

Timeline Creation - Part 1 (Filesystem Timeline)

As I mentioned previously I am currently studying for my GCFA (GIAC Certified Forensic Analyst) exam and as part of my revision I am completing the exercises in the workbook. One area I

Full Story

Grep and icat

Just a very brief blog post regarding the power of grep and icat in relation to forensic images. I am currently revising for my GCFA certification and as part of this revision was

Full Story

Chrome Cache - Where's the stash (Part 2)

In Part 1 of this blog I mentioned the metadata regarding one of the separate files contained within the deleted cache. I stated that I would further explain what is contained within that

Full Story

Chip_DFIR

New Home For My Blog

Timestamp Anomalies - $MFT

Timeline Creation - Part 2 (Super Timeline)

Timeline Creation - Part 1 (Filesystem Timeline)

Grep and icat

Chrome Cache - Where's the stash (Part 2)

Recent Posts

Analysing an O.MG cable

Wagtail XSS + LocalStorage = Account Hijack

Imperva WAF Bypass