[Black Hat USA 2020] Paula’s and Mike’s Arsenal Session – CQForensic: The Efficient Forensic Toolkit

Black Hat USA 2020 CQURE Paula’s and Mike’s Arsenal Session – CQForensic: The Efficient Forensic Toolkit

Thank you for joining Black Hat USA 2020 Arsenal Session hosted by Paula Januszkiewicz and Mike Jankowski-Lorek!


This year’s edition was unlike any other, as we took it online. However, engagement, enthusiasm, and intensity even increased.

Although there is one thing that hasn’t changed – CQURE’s Team gave its best. Not only during  the Arsenal Session but also while other training:

  • Systems Forensics and Incident Handling
  • Advanced Hacking and Securing Windows Infrastructure

Liked our session? Or maybe missed it? No worries, below you will find a summary, together with the slides and tools.

CQForensic: The Efficient Forensic Toolkit


Why is the CQForensic Toolkit useful?
Our original toolkit enables you to perform detailed computer forensic examinations. Get familiar with the information gathering process providing data for analysis and extracting the evidence.

When will CQForensic save you?


CQForensic can build an attack timeline, extract information from the USN journal, recover files (also from MFT), decrypt user’s and system’s stored secrets (like encrypted data), extract information from Prefetch and Remote Desktop Session cache, and extract information from the configuration of the used for administration tools.

Moreover, it contains a toolkit for memory analysis and can extract information from memory dumps. Our biggest CQKawaii tool implements custom-made machine learning algorithms to extract from the large logs the anomalies.

Find the presentation slides HERE. 

Download the tools: HERE

If you have any questions please leave a comment below or drop us a message via our contact form. 

What is Black Hat?


For more than 20 years, Black Hat inspires professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.

During the event, you have a chance to participate in training classes, Arsenal Sessions, Briefings, and Review Boards. This year’s edition took place fully online due to the COVID-19 pandemic.

Check out the official webpage.