Mal-Hash.ps1 (v1.3 Update)

I’ve made some updates to the Mal-Hash PowerShell script. Most notable is that the script now works (via PowerShell) on Windows, Mac and Linux. The script takes a file as input, calculates the hashes (MD5, SHA1, SHA256), and then submits the hash to Virus Total for analysis. The script will also run Strings against […]

Group collections from O365 with PowerShell

If you’re working in or responding to an O365 environment, there are plenty of opportunities where you need to search and collect from multiple O365 custodians at the same time. While the experience of the Security & Compliance Center has improved over the years, I still find it inefficient for creating larger collections – especially when […]

Mal-Hash – interacting with Virus Total API via PowerShell

Virus Total started in 2004 as a free service to analyze files and URLs for malicious behavior. In 2012 Virus Total (VT) was acquired by Google. Virus Total can provide a boon of information for the nascent investigator, though OpSec should remain a concern. It’s rare to be in a security class where Virus Total […]

Lack Rack part III: the Final chapter

If you caught the last blog installment you’ve seen that I’m a big proponent of the Steve Jobs “one more thing” methodology. To ‘finish out’ (as if) the rack design I’ve made two more modifications. The first was reversing the switch positioning and doing some OCD-level cable maintenance. The last, and the piece de resistance […]

Lack Rack Updates

I have a tendency for DIY projects to never be finished. Actually that’s not entirely true. I finish them, but then I continue to build/expand on them. This has been true of many elements of my home office since moving to our home two years ago. A few months back I posted my DIY network […]

Magnet 2022 CTF – iOS15

One of the evidence items during the 2022 Magnet User Summit CTF was a full file system extraction of an iPhone running iOS 15. Recently the CTF creators made the evidence (and corresponding challenge questions) available at You can register for a free account and then download the evidence. There are several recommended tools listed […]

AXIOM, YARA, GitHub – Oh My!

Version 6 of Magnet Axiom added support for YARA rules. By default the installation ships with the free Open-Source YARA rules from Reversing Labs. These YARA rules may be updated within Axiom periodically. In addition to the included rules, AXIOM supports adding your own YARA source folders. If you need to update the included rules […]

Play it Again Sam – A Recap of MUS 2022

I had a wonderful time participating in the Magnet User Summit, both in person and virtually. After 2 years of participating virtually, it was my first time attending the Summit in person. It was great to meet for the first time in person, not just many of my coworkers, but many of the regulars in […]

Swag for Charity

You can now get Baker Street Forensics swag, everything from shirts and stickers to onesies and pillows. I’m especially fond of the notebooks. I worked with a number of independent artists to commission a few new logo designs. This is where I need your help. What’s your favorite of the designs? The winner will be […]

CSIRT-Collect Summit Edition

Just in time for the 2022 Magnet User Summit and my presentation on FREE Tools for DFIR Triage Collections, an updated release (v3.1) of CSIRT-Collect. Special thanks to Kevin Pagano for contributing. You can register for my talk Free Tools for DFIR Triage Collections here.

