Advertisement · 728 × 90

Posts by

Preview
MALoney (It's in the name): Creating a Fuji/WinFE external drive Creating a Fuji/WinFE external drive This post walks through how to build a combined Fuji Cartridge and ...

Combining Fuji Cartridge and WinFE into a single setup that can handle forensic imaging for both macOS and Windows systems. #DFIR

malwaremaloney.blogspot.com/2026/04/last...

1 week ago 2 0 0 0
Post image

Coming soon. How to build a combined Fuji recovery and WinFE drive. #DFIR

1 week ago 0 0 0 0
Post image

Coming soon. How to build a combined Fuji recovery and WinFE drive. #DFIR

2 weeks ago 0 1 0 0

Available Hashes:
MD5, SHA1, AmCache SHA1, SHA256, CRC32, SHA512, SHA3-256, SHA3-512, BLAKE2b, IMPHASH, QuickXorHash, SSDEEP, MD4, ED2K

1 month ago 0 0 0 0
Preview
GitHub - Beercow/SmackThatHash: Hashing utility including AmCache SHA1 and QuickXorHash · GitHub Hashing utility including AmCache SHA1 and QuickXorHash - Beercow/SmackThatHash

SmackThatHash features AmCache SHA1 variant and QuickXorHash (OneDrive). Run against a single file or entire folder recursively. Pick from preset hashes or roll your own. Console and csv output. #DFIR

github.com/Beercow/Smac...

1 month ago 0 0 1 0
Preview
Releases · Beercow/XstReader XstReader is an open source viewer for Microsoft Outlook’s .ost and .pst files (also those protected by unknown password). You can view and inspect all content and export messages and attachments (...

Made an update to XstReader. It was unusable with larger ost files. It now loads large ost files in seconds making it usable again. Have a pull request in but not counting on it being accepted due to inactivity. Let me know what you think. #DFIR

github.com/Beercow/XstR...

1 month ago 0 0 0 0
Post image

When you get a group text and fix the name and picture for them.

3 months ago 1 0 0 0
Preview
MALoney (It's in the name): OneDrive Updates OneDrive Evolution OneDrive Evolution has been updated to OneDrive Version 25.228.1120.0001 OneDrive Evo...

A couple OneDrive updates this week. malwaremaloney.blogspot.com/2025/12/oned...

4 months ago 0 0 0 0

Fixed a bug in DeXRAY for Windows Defender files. 🙂

www.hexacorn.com/blog/2025/12...

4 months ago 0 0 0 0
Advertisement

Fixed a bug in DeXRAY for Windows Defender files. 🙂

www.hexacorn.com/blog/2025/12...

4 months ago 0 0 0 0
13Cubed XPlat Bundle and T-Shirt giveaway.

13Cubed XPlat Bundle and T-Shirt giveaway.

📢 I partnered with @13cubed.bsky.social for another giveaway! 🎁

🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete

👕 5 winners will receive 13Cubed Investigator T-Shirts

To Enter: Like, Comment, and Repost

#DFIR #DigitalForensics #IncidentResponse

4 months ago 11 9 9 1

Woot!

4 months ago 0 0 0 0
Preview
MALoney (It's in the name): Let's Talk About Consent User Account Control (UAC) is one of Windows’ core security features, designed to prevent applications from silently gaini...

Not that kind of consent. The UAC kind of consent. Take a dive into how UAC works and some of the things it doesn’t tell you. Also a new utility to solve some of these issues.
malwaremaloney.blogspot.com/2025/11/lets...

5 months ago 0 0 0 0
Post image Post image

When launching a program as admin, consent.exe runs with a parent process of svchost. If successful, consent.exe exits and the new process is launched with explorer as its parent. If not, we can’t always tell what was trying to be ran. Until now. github.com/Beercow/Cons...

5 months ago 2 1 0 0
Post image Post image

When launching a program as admin, consent.exe runs with a parent process of svchost. If successful, consent.exe exits and the new process is launched with explorer as its parent. If not, we can’t always tell what was trying to be ran. Until now. github.com/Beercow/Cons...

5 months ago 2 1 0 0
Post image

Into the unknown and down rabbit holes we go.

5 months ago 0 0 0 0
Advertisement
Preview
OneDrive updates What's new in OneDriveExplorer OnedDriveExplorer v2025.11.07 now includes a dedicated parser for Microsoft.FilesOnDemand....

Weekly update. New features in OneDriveExplorer, Onedrive Evolution and schema updates. #DFIR
malwaremaloney.blogspot.com/2025/11/oned...

5 months ago 1 2 0 0
Preview
OneDrive updates What's new in OneDriveExplorer OnedDriveExplorer v2025.11.07 now includes a dedicated parser for Microsoft.FilesOnDemand....

Weekly update. New features in OneDriveExplorer, Onedrive Evolution and schema updates. #DFIR
malwaremaloney.blogspot.com/2025/11/oned...

5 months ago 1 2 0 0

Adding a parser for Microsoft.FilesOnDemand.db to OneDriveExplorer. Yet another source to rebuild the user’s OnDrive. More to come. #DFIR

6 months ago 1 0 0 0
Preview
MALoney (It's in the name): OneDrive Quick Access What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

Did a little digging in Microsoft.FileUsageSync.db. Found some information to piece together OneDrive Quick Access. #DFIR
malwaremaloney.blogspot.com/2025/10/oned...

6 months ago 0 1 0 0
Preview
MALoney (It's in the name): OneDrive Quick Access What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

Did a little digging in Microsoft.FileUsageSync.db. Found some information to piece together OneDrive Quick Access. #DFIR
malwaremaloney.blogspot.com/2025/10/oned...

6 months ago 2 1 0 0

*but

6 months ago 0 0 0 0

Correct me if I’m wrong bit what you described is Xbox from day one.

6 months ago 0 0 1 0
Preview
MALoney (It's in the name): OneDrive. Let's take this offline At the beginning of this year, I started adding data from the offline databases into OneDrive Explorer. This data enhanced...

In case you missed it. New release of OneDriveExplorer. It has a dedicated parser for MicrosoftListSync.db (offline mode). #DFIR

malwaremaloney.blogspot.com/2025/09/oned...

6 months ago 2 1 0 0
Advertisement

That time of year again when everybody starts abbreviating cybersecurity awareness month as CSAM. 21 pages deep of google searches for that term and not a single mention of cybersecurity awareness month. Go figure.

6 months ago 0 0 0 0
Preview
MALoney (It's in the name): OneDrive Evolution Below is a collapsible indented tree depicting the contents of a OneDrive Profile. Each rectangle represents a file or directory and is lab...

OneDrive Evolution has been updated to v25.162.0820.0001. That’s 692 versions OneDriveExplorer now handles. SafeDelete.db has been updated to schema v9. Enjoy!

malwaremaloney.blogspot.com/p/onedrive-e...

malwaremaloney.blogspot.com/p/safedelete...

7 months ago 0 0 0 0
Post image Post image

Appears OneDrive snuck a new sync client in. Works with personal accounts at the moment. It’s WebView2. You can find data in the following locations:
AppData\Local\Microsoft\OneDrive\OD4
AppData\Local\Microsoft\OneDrive\Logs\OD4
Where are my browser forensics experts at? #DFIR

8 months ago 0 1 0 0
Post image

Updated OneDrive Evolution. You can now compare two versions of OneDrive and see what has changed. #DFIR

malwaremaloney.blogspot.com/p/onedrive-e...

8 months ago 0 0 0 0
Preview
Release v2025.05.30 · Beercow/OneDriveExplorer · GitHub Change Log Fixed ODL bug fix FileUsageSynce bug fix

Something you may not know. OneDriveExplorer also works for the OneDrive sync client for macOS.

github.com/Beercow/OneD...

9 months ago 2 1 0 0
Post image

Today we learned Fishrocket (the one with the doughnut) has cancer. It’s an aggressive form of mast cell tumors. Treatment usually involves removing them but there are too many. They prescribe prednisone because they itch. Has diabetes so can’t give him prednisone. Poor guy.

10 months ago 0 0 0 0