Acquiring Memory with Magnet RAM Capture

Recently, we released a new free tool that allows investigators to acquire the memory of a live PC. Customers using our IEF Triage module will already be familiar with this tool, as it’s used to acquire evidence from live systems. In realizing that others could benefit from our RAM capture tool, we decided to release … Continued

Decrypting More Dropbox Files: config.dbx

Back in March of this year we released a free tool to decrypt the Dropbox filecache.dbx file which stores information about the files in a user’s Dropbox repository (for more details read the blog post, and the Part 2 post). Paul Henry (Website:, twitter: @phenrycissp) is a SANS instructor and the lead author and teacher of the FOR559 course, Cloud Forensics & … Continued

Dropbox filecache.dbx file decrypted – now what?

Welcome to a “Part 2” of my last blog post where I announced our new free tool for decrypting the Dropbox filecache.dbx file. The response has been overwhelming and we appreciate all the comments and feedback. We really do have a great digital forensics community. Please note that IEF Triage has supported decrypting and parsing … Continued

Decrypting the Dropbox filecache.dbx file – new free tool!

Happy Friday, everyone! Today I would like to introduce a new free tool we’ve just released, called Dropbox® Decryptor. But first, some background. Dropbox uses a file named filecache.dbx to store details about files that have been or will be synced to the Dropbox cloud. This file used to be a SQLite database (named filecache.db) … Continued