- Analysis of Fiesta EK
- Hacking BRBBot
- ADFIRWMC - 4. The Value of Unstructured Analysis
- ADFIRWMC - 3. Files of Forensic Interest
- ADFIRWMC - 2. Remote Acquisition of Windows Artifacts
- ADFIRWMC - 1. Windows Remote Administration for Incident Responders
- ADFIRWMC - 0. Disclaimers
- Find Windows Filetime objects in Binary Data
- Remotely Change BitLocker Protections
- Using FullEventLogView From Nirsoft
