https://dfir.ru/2026/01/26/windows-event-logs-were-cleared-but-resurrected-in-another-file/https://dfir.ru/wp-content/uploads/2026/01/image-3.pngimagehttps://dfir.ru/wp-content/uploads/2026/01/image-2.pngimagehttps://dfir.ru/wp-content/uploads/2026/01/image.pngimage2026-01-26T17:37:17+00:00monthlyhttps://dfir.ru/2025/05/08/disk-encryption-wide-block-modes-authentication-tags-arent-silver-bullets/https://dfir.ru/wp-content/uploads/2025/04/bc_paper.pngbc_paperhttps://dfir.ru/wp-content/uploads/2025/04/bc_inject.pngbc_injecthttps://dfir.ru/wp-content/uploads/2025/04/bc_rawdata.pngbc_rawdatahttps://dfir.ru/wp-content/uploads/2025/03/screenshot-from-2025-03-28-19-08-17.pngScreenshot from 2025-03-28 19-08-17https://dfir.ru/wp-content/uploads/2025/03/image-2.pngimagehttps://dfir.ru/wp-content/uploads/2025/03/encryption_layouts-1.pngencryption_layoutshttps://dfir.ru/wp-content/uploads/2025/03/fedora-boot.pngfedora-boothttps://dfir.ru/wp-content/uploads/2025/03/opensuse_boot.pngopensuse_boot2025-10-24T12:19:22+00:00monthlyhttps://dfir.ru/2024/12/09/multiple-vulnerabilities-in-ami-file-system-drivers/https://dfir.ru/wp-content/uploads/2024/12/applyusa.pngapplyusa2025-10-14T21:23:06+00:00monthlyhttps://dfir.ru/2025/02/23/symlink-attacks-without-code-execution/2025-10-10T09:46:09+00:00monthlyhttps://dfir.ru/2025/01/20/cve-2025-21210-aka-crashxts-a-practical-randomization-attack-against-bitlocker/https://dfir.ru/wp-content/uploads/2025/01/image.pngimage2025-03-16T13:38:06+00:00monthlyhttps://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/https://dfir.ru/wp-content/uploads/2024/06/kernel_680_cve_not_fixed_2.pngkernel_680_cve_not_fixed_2https://dfir.ru/wp-content/uploads/2024/06/kernel_680_cve_not_fixed_1.pngkernel_680_cve_not_fixed_1https://dfir.ru/wp-content/uploads/2024/06/image-2.pngimagehttps://dfir.ru/wp-content/uploads/2024/06/image-1.pngimagehttps://dfir.ru/wp-content/uploads/2024/06/image.pngimagehttps://dfir.ru/wp-content/uploads/2024/06/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2024-06-18-19-39-56.pngd0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2024-06-18-19-39-56https://dfir.ru/wp-content/uploads/2024/06/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2024-06-17-23-44-05.pngd0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2024-06-17-23-44-052024-09-04T11:32:03+00:00monthlyhttps://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager/https://dfir.ru/wp-content/uploads/2024/01/image.pngimage2024-08-14T20:49:23+00:00monthlyhttps://dfir.ru/2021/10/15/the-uppercased-hell/2024-07-18T12:26:39+00:00monthlyhttps://dfir.ru/2021/06/28/shadow-copies-become-less-visible/2024-07-18T12:26:18+00:00monthlyhttps://dfir.ru/2024/04/09/operation-based-prefetching/https://dfir.ru/wp-content/uploads/2024/04/pf_ntstatus.pngpf_ntstatushttps://dfir.ru/wp-content/uploads/2024/04/image-2.pngimage-2https://dfir.ru/wp-content/uploads/2024/04/op-prefetch.pngop-prefetch2024-04-08T22:20:48+00:00monthlyhttps://dfir.ru/2021/07/15/playing-with-case-insensitive-file-names/2024-03-10T21:40:07+00:00monthlyhttps://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/https://dfir.ru/wp-content/uploads/2023/08/image-2.pngimage-2https://dfir.ru/wp-content/uploads/2023/08/image.pngimage2024-01-13T14:57:06+00:00monthlyhttps://dfir.ru/2023/11/01/bringing-unallocated-data-back-the-fat12-16-32-case/https://dfir.ru/wp-content/uploads/2023/11/freebsd_msdosfs_extend-2089237877-e1698855810501.pngfreebsd_msdosfs_extend2023-11-01T21:12:04+00:00monthlyhttps://dfir.ru/2023/11/01/cve-2023-45897-a-vulnerability-in-the-linux-exfat-userspace-tools/2023-11-01T14:39:41+00:00monthlyhttps://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/https://dfir.ru/wp-content/uploads/2023/10/grub_ntfs_ho_uefi_qemu_guest_errors.pnggrub_ntfs_ho_uefi_qemu_guest_errorshttps://dfir.ru/wp-content/uploads/2023/10/mokpwstore.pngmokpwstore2023-10-04T09:49:49+00:00monthlyhttps://dfir.ru/2022/12/18/do-researchers-handle-exfat-volumes-correctly/https://dfir.ru/wp-content/uploads/2022/12/d0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-3.pngd0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-3https://dfir.ru/wp-content/uploads/2022/12/d0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-2.pngd0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-2https://dfir.ru/wp-content/uploads/2022/12/image-2.pngimage-2https://dfir.ru/wp-content/uploads/2022/12/image-1.pngimage-1https://dfir.ru/wp-content/uploads/2022/12/d0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-1.pngd0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5-1https://dfir.ru/wp-content/uploads/2022/12/d0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5.pngd0b8d0b7d0bed0b1d180d0b0d0b6d0b5d0bdd0b8d0b5https://dfir.ru/wp-content/uploads/2022/12/image.pngimage2023-04-19T11:40:27+00:00monthlyhttps://dfir.ru/me/2022-12-19T10:20:48+00:00weekly0.6https://dfir.ru/2021/12/08/things-you-probably-didnt-know-about-fat/2022-08-22T10:50:33+00:00monthlyhttps://dfir.ru/2022/02/11/exfat-orphan-file-name-entries/2022-02-22T16:30:19+00:00monthlyhttps://dfir.ru/tools/2022-01-29T13:02:33+00:00weekly0.6https://dfir.ru/2022/01/15/macos-fat-directories/https://dfir.ru/wp-content/uploads/2022/01/macos_stat.pngmacos_stat2022-01-15T12:30:58+00:00monthlyhttps://dfir.ru/2018/07/21/a-live-forensic-distribution-executing-malicious-code-from-a-suspect-drive/https://dfir.ru/wp-content/uploads/2018/07/grml-grub.pnggrml-grubhttps://dfir.ru/wp-content/uploads/2018/07/screenshot.pngscreenshothttps://dfir.ru/wp-content/uploads/2018/07/altlinux-rescue.pngaltlinux-rescuehttps://dfir.ru/wp-content/uploads/2018/07/dmesg-sda.pngdmesg-sda2021-12-29T09:12:43+00:00monthlyhttps://dfir.ru/2019/01/19/ntfs-today/https://dfir.ru/wp-content/uploads/2019/01/frs-flags-2.pngfrs-flagshttps://dfir.ru/wp-content/uploads/2019/01/lxattrb.pnglxattrbhttps://dfir.ru/wp-content/uploads/2019/01/attr-ea.pngattr-eahttps://dfir.ru/wp-content/uploads/2019/01/attr-si-cs.pngattr-si-cshttps://dfir.ru/wp-content/uploads/2019/01/attr-si.pngattr-sihttps://dfir.ru/wp-content/uploads/2019/01/volume-flags.pngvolume-flagshttps://dfir.ru/wp-content/uploads/2019/01/frs-sref.pngfrs-sref2023-07-25T08:46:03+00:00monthlyhttps://dfir.ru/2020/06/12/trim-and-unallocated-space/https://dfir.ru/wp-content/uploads/2020/06/samsung-trim-zeros.pngSamsung-Trim-Zeroshttps://dfir.ru/wp-content/uploads/2020/06/samsung-trim.pngSamsung-Trimhttps://dfir.ru/wp-content/uploads/2020/06/ssd-sd-asm.pngssd-sd-asmhttps://dfir.ru/wp-content/uploads/2020/06/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-06-10-01-24-38.pngСнимок экрана от 2020-06-10 01-24-382021-11-22T22:36:33+00:00monthlyhttps://dfir.ru/2019/08/27/windows-forensics-open-research-topics/2021-09-02T06:55:59+00:00monthlyhttps://dfir.ru/2018/10/07/hiding-data-in-the-registry/https://dfir.ru/wp-content/uploads/2018/10/reg_159.pngreg_1592021-07-01T22:06:39+00:00monthlyhttps://dfir.ru/2021/01/10/standard_information-vs-file_name/2021-03-04T08:22:24+00:00monthlyhttps://dfir.ru/2020/10/25/the-nt-kernel-can-ignore-your-hardware-clock-during-the-boot/2020-10-25T15:43:55+00:00monthlyhttps://dfir.ru/2020/10/03/exporting-registry-hives-from-a-live-system/2020-10-03T13:39:22+00:00monthlyhttps://dfir.ru/2020/08/15/containerized-registry-hives-in-windows/https://dfir.ru/wp-content/uploads/2020/08/overlay.pngoverlayhttps://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-15-14-42.pngСнимок экрана от 2020-08-15 15-14-42https://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-15-14-15.pngСнимок экрана от 2020-08-15 15-14-15https://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-15-09-41.pngСнимок экрана от 2020-08-15 15-09-41https://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-15-03-38.pngСнимок экрана от 2020-08-15 15-03-38https://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-14-51-42.pngСнимок экрана от 2020-08-15 14-51-42https://dfir.ru/wp-content/uploads/2020/08/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-08-15-14-39-52.pngСнимок экрана от 2020-08-15 14-39-522020-08-17T13:45:50+00:00monthlyhttps://dfir.ru/2020/07/14/offline-shadow-copies/https://dfir.ru/wp-content/uploads/2020/07/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-07-14-00-03-26.pngСнимок экрана от 2020-07-14 00-03-262020-07-14T11:19:28+00:00monthlyhttps://dfir.ru/2020/06/29/storage-reserve-blocks-some-tools-from-thoroughly-wiping-unallocated-space/https://dfir.ru/wp-content/uploads/2020/06/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-06-29-02-12-51.pngСнимок экрана от 2020-06-29 02-12-51https://dfir.ru/wp-content/uploads/2020/06/20h1-fill-free.png20h1-fill-freehttps://dfir.ru/wp-content/uploads/2020/06/81-fill-free.png81-fill-freehttps://dfir.ru/wp-content/uploads/2020/06/20h1-f.png20h1-fhttps://dfir.ru/wp-content/uploads/2020/06/81-f.png81-f2020-08-02T16:55:19+00:00monthlyhttps://dfir.ru/2020/06/21/extracting-unallocated-clusters-from-a-shadow-copy/2020-07-12T21:45:05+00:00monthlyhttps://dfir.ru/2020/05/23/onedrive-and-ntfs-last-access-timestamps/https://dfir.ru/wp-content/uploads/2020/05/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-05-22-15-15-14.pngСнимок экрана от 2020-05-22 15-15-14https://dfir.ru/wp-content/uploads/2020/05/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-05-22-01-03-27.pngСнимок экрана от 2020-05-22 01-03-272020-06-03T23:42:31+00:00monthlyhttps://dfir.ru/2020/05/18/deceptive-ntfs-short-file-names/https://dfir.ru/wp-content/uploads/2020/05/svl-tsk.pngsvl-tskhttps://dfir.ru/wp-content/uploads/2020/05/svl-ftki.pngsvl-ftkihttps://dfir.ru/wp-content/uploads/2020/05/svl-explorer.pngsvl-explorer2020-05-17T23:22:30+00:00monthlyhttps://dfir.ru/2020/05/06/prepopulated-artifacts/https://dfir.ru/wp-content/uploads/2020/05/regf-uninit.pngregf-uninithttps://dfir.ru/wp-content/uploads/2020/05/w81.pngw81https://dfir.ru/wp-content/uploads/2020/05/w10ofrg.pngw10ofrghttps://dfir.ru/wp-content/uploads/2020/05/nk32b.pngnk32b2020-05-07T11:33:30+00:00monthlyhttps://dfir.ru/2020/04/08/bam-internals/https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-08-02-56-36.pngСнимок экрана от 2020-04-08 02-56-36https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-07-02-45-13.pngСнимок экрана от 2020-04-07 02-45-13https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-07-00-55-23.pngСнимок экрана от 2020-04-07 00-55-23https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-22-09-57.pngСнимок экрана от 2020-04-06 22-09-57https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-19-39-38.pngСнимок экрана от 2020-04-06 19-39-38https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-12-35-56.pngСнимок экрана от 2020-04-06 12-35-56https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-12-30-55.pngСнимок экрана от 2020-04-06 12-30-55https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-12-29-34.pngСнимок экрана от 2020-04-06 12-29-34https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-02-29-20.pngСнимок экрана от 2020-04-06 02-29-20https://dfir.ru/wp-content/uploads/2020/04/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-04-06-01-35-46.pngСнимок экрана от 2020-04-06 01-35-462020-04-09T12:00:24+00:00monthlyhttps://dfir.ru/2020/03/21/the-extenddeleted-directory/2022-12-08T19:51:03+00:00monthlyhttps://dfir.ru/ru/2020-02-29T22:30:50+00:00weekly0.6https://dfir.ru/2020/02/29/scoped-shadow-copies/https://dfir.ru/wp-content/uploads/2020/02/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-02-29-17-47-17-1.pngСнимок экрана от 2020-02-29 17-47-172020-02-29T20:27:01+00:00monthlyhttps://dfir.ru/2020/02/23/you-write-to-a-logical-drive-when-you-read-from-it/https://dfir.ru/wp-content/uploads/2020/02/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-02-23-01-02-45.pngСнимок экрана от 2020-02-23 01-02-45https://dfir.ru/wp-content/uploads/2020/02/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-02-22-22-03-43.pngСнимок экрана от 2020-02-22 22-03-432020-02-23T12:16:19+00:00monthlyhttps://dfir.ru/2020/02/09/carving-file-control-blocks-from-memory-dumps/https://dfir.ru/wp-content/uploads/2020/02/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-02-09-13-55-09.pngСнимок экрана от 2020-02-09 13-55-09https://dfir.ru/wp-content/uploads/2020/02/d0a1d0bdd0b8d0bcd0bed0ba-d18dd0bad180d0b0d0bdd0b0-d0bed182-2020-02-09-13-43-07-e1581245758831.pngСнимок экрана от 2020-02-09 13-43-072020-02-10T16:47:32+00:00monthlyhttps://dfir.ru/2018/12/08/the-last-access-updates-are-almost-back/2019-10-09T10:08:57+00:00monthlyhttps://dfir.ru/2019/07/29/things-you-probably-didnt-know-about-shadow-copies/https://dfir.ru/wp-content/uploads/2019/07/vsc-offline-2.pngvsc-offline-2https://dfir.ru/wp-content/uploads/2019/07/vsc-offline.pngvsc-offlinehttps://dfir.ru/wp-content/uploads/2019/07/pf-vss-bogus.pngpf-vss-bogus2019-07-28T23:26:26+00:00monthlyhttps://dfir.ru/2019/04/23/ntfs-large-clusters/https://dfir.ru/wp-content/uploads/2019/04/format.pngformat2019-04-23T21:06:42+00:00monthlyhttps://dfir.ru/2019/03/25/forensic-analysis-of-disclosed-uninitialized-kernel-memory/https://dfir.ru/wp-content/uploads/2019/03/kl-file.pngkl-filehttps://dfir.ru/wp-content/uploads/2019/03/kts2019_kmd.pngkts2019_kmdhttps://dfir.ru/wp-content/uploads/2019/03/ntfs-slack.pngntfs-slack2019-03-24T23:44:15+00:00monthlyhttps://dfir.ru/2019/02/28/ntfs-unallocated-data-marked-as-allocated/https://dfir.ru/wp-content/uploads/2019/02/repair_verify.pngrepair_verifyhttps://dfir.ru/wp-content/uploads/2019/02/repair_corrupt.pngrepair_corrupt2021-07-02T06:41:51+00:00monthlyhttps://dfir.ru/2018/07/25/a-live-forensic-distribution-writing-to-a-suspect-drive/https://dfir.ru/wp-content/uploads/2018/07/screenshot-ntfs.pngscreenshot-ntfshttps://dfir.ru/wp-content/uploads/2018/07/screenshot-4.pngscreenshot-4https://dfir.ru/wp-content/uploads/2018/07/screenshot-3.pngscreenshot-3https://dfir.ru/wp-content/uploads/2018/07/screenshot-2.pngscreenshot-2https://dfir.ru/wp-content/uploads/2018/07/screenshot-1.pngscreenshot-1https://dfir.ru/wp-content/uploads/2018/07/ubuntu-dmesg.pngubuntu-dmesg2019-02-25T22:51:14+00:00monthlyhttps://dfir.ru/2019/02/16/how-the-logfile-works/https://dfir.ru/wp-content/uploads/2019/02/lfs-layout.pnglfs-layouthttps://dfir.ru/wp-content/uploads/2019/02/lfs-infinite.pnglfs-infinitehttps://dfir.ru/wp-content/uploads/2019/02/lfs-record-pages.pnglfs-record-pageshttps://dfir.ru/wp-content/uploads/2019/02/lfs-record-page.pnglfs-record-page2020-08-06T10:27:24+00:00monthlyhttps://dfir.ru/2019/01/08/hibernation-and-ntfs/2019-01-08T01:06:15+00:00monthlyhttps://dfir.ru/2019/01/04/what-writes-to-the-syscache-hive/https://dfir.ru/wp-content/uploads/2019/01/syscache-stack.pngsyscache-stackhttps://dfir.ru/wp-content/uploads/2019/01/amcache_trace.pngamcache_trace2019-01-04T00:17:57+00:00monthlyhttps://dfir.ru/2018/12/02/the-cit-database-and-the-syscache-hive/https://dfir.ru/wp-content/uploads/2018/12/syscache-tsk.pngsyscache-tskhttps://dfir.ru/wp-content/uploads/2018/12/syscache.pngsyscachehttps://dfir.ru/wp-content/uploads/2018/12/cit.pngcit2018-12-18T18:57:58+00:00monthlyhttps://dfir.ru/2018/12/16/the-inconsistency-of-last-access-timestamps/https://dfir.ru/wp-content/uploads/2018/12/ntfs_ts_la_i30.pngntfs_ts_la_i30https://dfir.ru/wp-content/uploads/2018/12/ntfs_ts_la_mft.pngntfs_ts_la_mfthttps://dfir.ru/wp-content/uploads/2018/12/xp.pngxp2021-03-05T07:47:17+00:00monthlyhttps://dfir.ru/2018/11/19/exploring-intermediate-states-of-a-registry-hive-using-transaction-log-files/2018-11-19T10:41:47+00:00monthlyhttps://dfir.ru/2018/11/18/tools-that-recover-deleted-registry-data-dont-do-the-same-job/https://dfir.ru/wp-content/uploads/2018/11/regdel.pngregdelhttps://dfir.ru/wp-content/uploads/2018/11/reg_unalloc-1.pngreg_unalloc-12018-11-17T23:24:10+00:00monthlyhttps://dfir.ru/2018/10/26/effects-of-running-an-offline-av-scan/https://dfir.ru/wp-content/uploads/2018/10/krd-diff.pngkrd-diff2018-10-25T23:41:30+00:00monthlyhttps://dfir.ru/2018/09/08/memory-compression-and-forensics/https://dfir.ru/wp-content/uploads/2018/09/hbin-decompressed.pnghbin-decompressedhttps://dfir.ru/wp-content/uploads/2018/09/hbin-compressed.pnghbin-compressed2018-09-08T00:57:50+00:00monthlyhttps://dfir.rudaily1.02026-01-26T17:37:17+00:00