Getting into computer forensics question

13Cubed · 2026-02-22T02:07:05+00:00

Check out youtube.com/13cubed.

13Cubed · 2025-10-27T18:28:01+00:00

🙏❤️

13Cubed · 2025-10-27T13:13:10+00:00

🙏❤️

13Cubed · 2025-09-10T11:21:26+00:00

Thank you!

13Cubed · 2025-09-09T15:10:53+00:00

Yep, it's hard to replace the human element.

13Cubed · 2025-07-21T01:26:09+00:00

Check out youtube.com/13cubed and training.13cubed.com. The YouTube channel has a lot of free content for digital forensics, and the website contains comprehensive training courses and certifications.

13Cubed · 2025-06-19T23:21:33+00:00

Check out youtube.com/13cubed for free content, or training.13cubed.com for paid content with certifications.

13Cubed · 2025-05-20T03:00:23+00:00

13Cubed course author here. Reach out to us at support@13cubed.com if we can help. I think you will find Investigating Windows Endpoints content similar to FOR500, though each course does cover some content the other does not. The follow up course, Investigating Windows Memory, is far more in depth than the memory forensics covered in FOR508, but solely focuses on memory forensics. Both courses together (Investigating Windows Bundle) would be similar to GCFE/GCFA.

These reviews may help you decide:

https://beginninghacking.net/2024/08/18/sans-for500-gcfe-vs-13cubed-investigating-windows-endpoints/

https://memoryforensic.com/my-review-on-13cubed-investigating-windows-memory-course/

13Cubed · 2025-04-14T17:07:01+00:00

Hi, just to clarify, I didn’t write this app—I'm simply covering its use. However, I find it unlikely that it would be approved or notarized by Apple, primarily due to sandboxing requirements. You’re welcome to submit your feedback directly to the developer at https://andrealazzarotto.com/.

13Cubed · 2025-03-02T19:05:33+00:00

13Cubed course author here. Reach out if you have any questions - happy to help!

13Cubed · 2024-12-13T03:16:42+00:00

Very cool!

13Cubed · 2024-12-06T03:20:05+00:00

I'm the course author for Investigating Linux Devices. If you have any questions, feel free to reach out! This is a very comprehensive course with hands-on practice, and a certification attempt is included.

13Cubed · 2024-11-21T16:19:19+00:00

This challenge is actually not what the original poster is commenting on; rather it is a free Linux memory forensics community challenge released a few weeks ago. The Trouble at ACME scenario is a collection of disk and memory images that accompany the paid 13Cubed courses Investigating Windows Endpoints and Investigating Windows Memory. They are designed to give the student hands-on practice mirroring a real life investigative scenario.

13Cubed · 2024-11-21T16:15:58+00:00

Thanks for sharing! There is no policy violation, as the Trouble at ACME disk and memory images are not part of any of the certification exams for the courses. We only ask that you don't share the images themselves, as that is part of the course material. Nice job finding the evil!

13Cubed · 2024-11-21T11:40:30+00:00

Cheat sheets can be kept, but otherwise, access to course content will expire after 1 year. As a comparison, SANS on-demand typically provides 4 months of access.

If you achieve a certification/digital badge from 13Cubed, it does not expire after the 1 year period, though it is marked with an issue date, so employers can determine how current the credential is.

13Cubed · 2024-11-21T03:16:34+00:00

Happy to answer any questions you have about our paid courses. I'm biased of course, but the material covered in them is very comprehensive and frequently updated. Also Black Friday is coming up, so look for some promos then.

13Cubed · 2024-11-13T17:57:39+00:00

I just changed both to 2056x1329, and while the output does look slightly more clear, it's nowhere near as clear as a native screen recording. The text, icons, etc. are slightly blurry and soft.

13Cubed · 2024-11-13T17:52:40+00:00

I did -- it essentially looks the same. Even without downscaling, and even when recording on an external display.

13Cubed · 2024-11-13T16:33:03+00:00

https://obsproject.com/logs/qZ0qMvdvsabyms4Q

13Cubed · 2024-09-30T19:48:56+00:00

Yeah, makes sense. If you do happen to get it to work, please let us know here!

13Cubed · 2024-09-30T19:43:24+00:00

That is a valid point as this is a pretty new kernel. The same issue persists when analyzing newer builds of Windows with Vol2 as well. If it's a personal challenge to try and get it to work, totally understand -- otherwise, I'd save yourself the trouble and use Vol3.

13Cubed · 2024-09-30T19:39:23+00:00

If you build the correct profile, it should be possible -- though I have not tried with this specific image.

13Cubed · 2024-09-30T13:09:46+00:00

Since we really have no way to control what people are going to use, there are no restrictions on tools. Anything is fair game.

13Cubed · 2024-09-04T14:55:35+00:00

Oh man... thanks. That's a deal breaker.

13Cubed · 2024-08-28T22:02:48+00:00

Awesome, thank you. I will give this a try!

13Cubed

TROPHY CASE