Mapping Windows Event IDs, Policies, and Monitoring Recommendations Marcus ThompsonJuly 13, 2020Comment
Handling Large CSV Files for Digital Forensics and Incident Response Marcus ThompsonDecember 23, 2019Tools, LogsComment
Understanding Memory Address Translation Marcus ThompsonNovember 18, 2018dfir, memory forensicsComment
Applying the Precision Testing Methodology to the Master File Table Marcus ThompsonNovember 11, 2018dfir, MFT, Master File Table, methodologyComment
Tool Output Precision Testing for Fixed-Size Artifacts Marcus ThompsonNovember 4, 2018dfir, methodology, index records, $I30Comment