New Year, New dfir.blog

2019 is here and the new year brings something with it I’ve wanted to do for a while: re-launch my blog! It has a new look and a new home at dfir.blog. I’ve had some big changes in my life: I became a father and I began working at Google on their Digital Forensics team. […]

Investigating Universal Analytics

Two common questions when investigating web browsing are: how long did a user spend on a website, and what actions did they take while on it We have a number of methods of approximating what the user did and how much time they spent on a page, but browser histories just weren’t designed to comprehensively record all that information. Chrome visit […]

Load Balancer Cookies

Load Balancer Cookie Decoder

I was going through my bookmarks and found a write-up from a few years ago on decoding NetScaler load balancer cookies. Adam Maxwell (@catalyst256) wrote a few blog posts describing his process of figuring out how to decode the cookie and finished it off by releasing a Python script that automates his process. It’s always interesting […]

Hindsight v1.5.0 Graphical User Interface

Hindsight v1.5.0 released + GUI!

I am very excited to announce that Hindsight v1.5.0 is here! Graphical User Interface The core Hindsight functionality continues to see incremental improvements, along with quite a few internal changes to support new features that will appear in subsequent releases. However, the major change is that there is now a graphic interface available for Hindsight, thanks […]