🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Paging YET ANOTHER GLOBAL UUID DATABASE

Check out this project if you wanna deep dive into AWS logging. The documented logs include a log example, detection rule and simulation command. traildiscover.cloud

OneDriveExplorer now supports and parses Offline Mode for web. malwaremaloney.blogspot.com/2025/02/onedri…

I just came across email information in one of the OneDrive databases. Sender, recipients, subject, mailbox, attachments, etc… Pretty much everything except the body. More to come. 🤔 #DFIR

I am OneDrive.

I started exploring OneDrive’s FileUsageSync.bd. There is some useful information on files shared via email, Teams, etc… that may not be in the user’s OneDrive. malwaremaloney.blogspot.com/2025/02/onedri…

Thanks to everyone joining virtually and in-person for the presentation on Windows Forensic Environment (WinFE) I learned a ton from the experience. I hope those that joined did too.

Managed to reduce the parsing of ODL files by 7 minutes over 1.8 million logs with OneDriveExplorer. From 25 min down to 18 min. Still takes a while but huge improvement.

Interesting thing with OneDrive Offline Mode for web. You can get the last two modification times of a file. Could come in handy. #DFIR

Hmmmm. What are we up to here? 🤔

D3FEND 1.1.0 is now available. Check out our blog post on how to create D3FEND Graphs with D3FEND CAD! d3fend.mitre.org/blog/building-…

Been a little while. Was busy adding support for Microsoft.FileUsageSync.db to OneDriveExplorer. Update brings in data on files shared via email, Teams, SharePoint and more. Thank you Heather Mahalik Barnhart for the bug report on search function issues. #DFIR malwaremaloney.blogspot.com/2025/05/onedri…

Sorry for the delay in OneDrive Evolution. It appears I'm a wee bit behind. This is what happens when I go down a rabbit hole of researching data in OneDrive for 3 months. 😦

Not sure if people realize it. I install every version of OneDrive that comes out and look at the data. This is to give you the best OneDrive analysis possible.

Catching up on my back log of OneDrive versions. Noticed the schema number has changed for SyncEngineDatabase.db. Wonder what goodies they added. 🤔

Nothing too interesting in the schema updates so far. Maybe I’ll see what they are up to at the next OneDrive Office Hours.

Finally caught up. Updates to OneDrive Evolution and database schemas. malwaremaloney.blogspot.com/2025/05/onedri…

Found a few bugs that would cause crashes in OneDriveExplorer around ODL and FileUsageSync. Update available. github.com/Beercow/OneDri…