Archive for July, 2015

Hello Reader! Wow, it’s hard to believe I’ve made it to thirty weeks with this project.  Also a bit shocking that the year is getting closer to the end than to the beginning. Unfortunately real life got in the way of things this week, so I have to reach back to a script I wrote […]


Hello Reader! Well this week we’re going to change gears a bit and re-visit a script from Week 11.  You might remember that script was a brute force File Vault script I created to use with the libfvde project.  Now the one issue with that script is if you stop it and start it back […]


Hello Reader! Well the streak has (almost) been broken.  I must apologize to all of you for getting this out so late.  For the past week I’ve been at SANS DFIR Summit and Training in Austin, TX.  And unfortunately for me, I completely lost track of what day it was until this morning.  But the […]


Hello Reader! This week we’re wrapping up my Windows LNK file header parsing scripts.  And it’s ending with the Hotkey value of the shortcut which is at file offset 64. This value is somewhat unique in that it’s a two byte value, and each byte refers to one part of the hotkey combination.  The low […]