's Avatar

@beercow.bsky.social

"Distrust and caution are the parents of security." - Benjamin Franklin https://malwaremaloney.blogspot.com

407 Followers  |  186 Following  |  59 Posts  |  Joined: 06.11.2024  |  1.7285

Latest posts by beercow.bsky.social on Bluesky

Preview
OneDrive updates What's new in OneDriveExplorer OnedDriveExplorer v2025.11.07 now includes a dedicated parser for Microsoft.FilesOnDemand....

Weekly update. New features in OneDriveExplorer, Onedrive Evolution and schema updates. #DFIR
malwaremaloney.blogspot.com/2025/11/oned...

07.11.2025 14:54 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0
Preview
OneDrive updates What's new in OneDriveExplorer OnedDriveExplorer v2025.11.07 now includes a dedicated parser for Microsoft.FilesOnDemand....

Weekly update. New features in OneDriveExplorer, Onedrive Evolution and schema updates. #DFIR
malwaremaloney.blogspot.com/2025/11/oned...

07.11.2025 14:54 β€” πŸ‘ 1    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

Adding a parser for Microsoft.FilesOnDemand.db to OneDriveExplorer. Yet another source to rebuild the user’s OnDrive. More to come. #DFIR

16.10.2025 03:43 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive Quick Access What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

Did a little digging in Microsoft.FileUsageSync.db. Found some information to piece together OneDrive Quick Access. #DFIR
malwaremaloney.blogspot.com/2025/10/oned...

16.10.2025 03:42 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive Quick Access What is Quick access? Quick access makes it simple to find your frequently used storage locations, inclu...

Did a little digging in Microsoft.FileUsageSync.db. Found some information to piece together OneDrive Quick Access. #DFIR
malwaremaloney.blogspot.com/2025/10/oned...

08.10.2025 21:37 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

*but

04.10.2025 02:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Correct me if I’m wrong bit what you described is Xbox from day one.

04.10.2025 02:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive. Let's take this offline At the beginning of this year, I started adding data from the offline databases into OneDrive Explorer. This data enhanced...

In case you missed it. New release of OneDriveExplorer. It has a dedicated parser for MicrosoftListSync.db (offline mode). #DFIR

malwaremaloney.blogspot.com/2025/09/oned...

30.09.2025 02:27 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

That time of year again when everybody starts abbreviating cybersecurity awareness month as CSAM. 21 pages deep of google searches for that term and not a single mention of cybersecurity awareness month. Go figure.

23.09.2025 21:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive Evolution Below is a collapsible indented tree depicting the contents of a OneDrive Profile. Each rectangle represents a file or directory and is lab...

OneDrive Evolution has been updated to v25.162.0820.0001. That’s 692 versions OneDriveExplorer now handles. SafeDelete.db has been updated to schema v9. Enjoy!

malwaremaloney.blogspot.com/p/onedrive-e...

malwaremaloney.blogspot.com/p/safedelete...

22.08.2025 22:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

Appears OneDrive snuck a new sync client in. Works with personal accounts at the moment. It’s WebView2. You can find data in the following locations:
AppData\Local\Microsoft\OneDrive\OD4
AppData\Local\Microsoft\OneDrive\Logs\OD4
Where are my browser forensics experts at? #DFIR

11.08.2025 18:29 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Updated OneDrive Evolution. You can now compare two versions of OneDrive and see what has changed. #DFIR

malwaremaloney.blogspot.com/p/onedrive-e...

07.08.2025 03:02 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Release v2025.05.30 Β· Beercow/OneDriveExplorer Β· GitHub Change Log Fixed ODL bug fix FileUsageSynce bug fix

Something you may not know. OneDriveExplorer also works for the OneDrive sync client for macOS.

github.com/Beercow/OneD...

25.06.2025 00:04 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Post image

Today we learned Fishrocket (the one with the doughnut) has cancer. It’s an aggressive form of mast cell tumors. Treatment usually involves removing them but there are too many. They prescribe prednisone because they itch. Has diabetes so can’t give him prednisone. Poor guy.

20.06.2025 00:19 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

1/ I successfully tested a LSASS dumping technique on a Windows 10 lab machine, which we encountered on a recent Incident Response engagement (no EDR, default Defender installed).

The "MiniDumpWriteDump" technique, as described here [1], was successful in writing the LSASS process to disk.

19.06.2025 08:33 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0
Post image

Another interesting forensic artifact in OneDrive. UXDatabase.db

18.06.2025 19:30 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): Weekly Update 6/6/2025 OneDrive Evolution OneDrive Evolution has been updated to OneDrive versionΒ 25.106.0602.0001. Starting with versionΒ 25.102.0527.0001, there ...

Updates on the OneDrive sync client.

malwaremaloney.blogspot.com/2025/06/week...

06.06.2025 20:24 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

New folder and databases in the OneDrive sync client. Not sure what feature they are tied to yet. More to come. #DFIR

05.06.2025 02:02 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image Post image

New laptop, new stickes. 😜

03.06.2025 02:14 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Release v2025.05.30 Β· Beercow/OneDriveExplorer Β· GitHub Change Log Fixed ODL bug fix FileUsageSynce bug fix

Found a few bugs that would cause crashes in OneDriveExplorer around ODL and FileUsageSync. Update available.

github.com/Beercow/OneD...

30.05.2025 19:36 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive Evolution and Schema Updates OneDrive Evolution Updates OneDrive Evolution has been updated to v25.093.0514.0001 OneDrive Evolution SyncEngine Schema Updates Β Schemas 34...

Finally caught up. Updates to OneDrive Evolution and database schemas.

malwaremaloney.blogspot.com/2025/05/oned...

23.05.2025 19:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDriveExplorer now supports Microsoft.FileUsageSync.db Recently, I have been focused on adding support for Microsoft.FileUsageSync.db. See my previous post on Microsoft.FileUsag...

Been a little while. Was busy adding support for Microsoft.FileUsageSync.db to OneDriveExplorer. Update brings in data on files shared via email, Teams, SharePoint and more. Thank you Heather Barnhart for the bug report on search function issues. #DFIR

malwaremaloney.blogspot.com/2025/05/oned...

13.05.2025 11:50 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

15 strips would have at least been correct.

11.05.2025 20:01 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Original post: infosec.exchange/@13reak/1143...

15.04.2025 21:17 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Ah gotcha. I threw some on the stick table also. It was nice meeting you.

13.04.2025 15:20 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Did you snag them from CypherCon?

13.04.2025 03:36 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

Hmmmm. What are we up to here? πŸ€”

11.03.2025 22:53 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Post image

Interesting thing with OneDrive Offline Mode for web. You can get the last two modification times of a file. Could come in handy. #DFIR

07.03.2025 20:16 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
MALoney (It's in the name): OneDrive Microsoft.FileUsageSync.db I recently started to look into the Microsoft.FileUsageSync.db . The database can be found in %localappdat...

I started exploring OneDrive’s FileUsageSync.bd. There is some useful information on files shared via email, Teams, etc… that may not be in the user’s OneDrive.

https://malwaremaloney.blogspot.com/2025/02/onedrive-microsoftfileusagesyncdb.html

21.02.2025 17:53 β€” πŸ‘ 0    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

I am OneDrive.

21.02.2025 13:39 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@beercow is following 17 prominent accounts