▽Windows Incident Response ●01/14 04:55 Addendum, 13 Jan: Damien Attoe released his first blog post regarding a tool he's working on called "sqbite"; the alpha functionality is what's currently available, and Damien plans to release additional functionality in March. Reading through his blog post, it appears that Damien is working toward something similar to what Mari talked about and released. It's going to be interesting to see what h
▽Yogesh Khatri’s forensic blog ●01/13 11:23 Sunday, January 12, 2025mac_apt update to BTM processingThis post highlights improvements to the AUTOSTART plugin in mac_apt.Since macOS 13 (Ventura), Login items and Background tasks are managed and tracked via .BTM files. This is located at the path:/private/var/db/com.apple.backgroundtaskmanagement/BackgroundItems-v<xx>.btmwhere <xx> is the version number, currently 13 on macOS 15.2Much o
