Available Hashes:
MD5, SHA1, AmCache SHA1, SHA256, CRC32, SHA512, SHA3-256, SHA3-512, BLAKE2b, IMPHASH, QuickXorHash, SSDEEP, MD4, ED2K
SmackThatHash features AmCache SHA1 variant and QuickXorHash (OneDrive). Run against a single file or entire folder recursively. Pick from preset hashes or roll your own. Console and csv output. #DFIR
https://github.com/Beercow/SmackThatHash
GitHub - Beercow/SmackThatHash: Hashing utility including AmCache SHA1 and QuickXorHash
Hashing utility including AmCache SHA1 and QuickXorHash - Beercow/SmackThatHash
Made an update to XstReader. It was unusable with larger ost files. It now loads large ost files in seconds making it usable again. Have a pull request in but not counting on it being accepted due to inactivity. Let me know what you think. #DFIR
https://github.com/Beercow/XstReader/releases
Releases · Beercow/XstReader
XstReader is an open source viewer for Microsoft Outlook’s .ost and .pst files (also those protected by unknown password). You can view and inspect all content and export messages and attachments (...
When you get a group text and fix the name and picture for them.
OneDrive Updates
OneDrive Evolution OneDrive Evolution has been updated to OneDrive Version 25.228.1120.0001 OneDrive Evo...
Not that kind of consent. The UAC kind of consent. Take a dive into how UAC works and some of the things it doesn’t tell you. Also a new utility to solve some of these issues.
https://malwaremaloney.blogspot.com/2025/11/lets-talk-about-consent.html
Let's Talk About Consent
User Account Control (UAC) is one of Windows’ core security features, designed to prevent applications from silently gaini...
When launching a program as admin, consent.exe runs with a parent process of svchost. If successful, consent.exe exits and the new process is launched with explorer as its parent. If not, we can’t always tell what was trying to be ran. Until now.
https://github.com/Beercow/ConsentMonitor
