DailyDFIR

I've set a goal in 2020 to post a tweet every day about something #DFIR-related. Each month will have a theme, with the tweets featuring tips, examples, and links. Follow me here (and at https://t.co/rSnsnYWaUs) for your #DailyDFIR! https://t.co/ls97iJRqWW
https://twitter.com/_RyanBenson/status/1212506065343930368
Linked site: dfir.blog
#DailyDFIR 176: @13CubedDFIR has a video explaining basics about .DS_Store files on #macOS and how to get value from them in #DFIR investigations: https://t.co/dUvkr6tvrH by @13CubedDFIR
DSStoreParser tool: https://t.co/4Kx2eMJys6 by @nicoleibrahim
https://twitter.com/_RyanBenson/status/1275956297003745280
Linked site: youtube.com
#DailyDFIR 170: Come learn about #DFIR Incident Management at @Google on the Forensic Lunch tomorrow! (8am PDT) https://t.co/UbL4xQxJlP @HECFBlog will have @0xMatt, @joachimmetz, @JamesNettesheim, and @alexanderjaeger - should be a great show!
https://twitter.com/_RyanBenson/status/1273835754041405440
Linked site: youtube.com
#DailyDFIR 178: I'm a big proponent of using visualizations to help with analysis & I love seeing how others make use of them. @Forensicator4 wrote a post about exploring the visualization options in #Python & #Pandas with a #DFIR spin: https://t.co/00RmMH0FCx #DFIR
https://twitter.com/_RyanBenson/status/1276550059279044609
Linked site: forensic8or.blogspot.com
#DailyDFIR 177: More fun with .DS_Store files: @JPoForenso on using .DS_Store files to find references to deleted files: https://t.co/luIC3GVKaq & https://t.co/0wIg3moWLd. Interesting way to leverage exposed .DS_Store files: https://t.co/KfgDuc5P2n #DFIR #macOS
https://twitter.com/_RyanBenson/status/1276152400844328961
Linked site: ponderthebits.com
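Entries 176 and 177 above both point at .DS_Store files as a source of filenames, including names of files that have since been deleted from the folder. The script below is an added example for this page; it is not code from the 13Cubed video, Nicole Ibrahim's DSStoreParser, or the ponderthebits posts. Instead of walking the "Bud1" buddy-allocator header and the B-tree the way a full parser does, it carves the record layout directly out of the raw bytes, which is exactly what surfaces entries lingering in stale or freed blocks. The record layout, data type codes, and the Iloc x/y decoding are the documented .DS_Store format; the sample bytes, filenames, and Finder comment are constructed inline and are not from any real image.

```python
"""Heuristic record carver for macOS .DS_Store files (added example).

A full parser walks the "Bud1" buddy-allocator header, the DSDB table of
contents and the B-tree of records. This carver scans raw bytes for the
record layout itself, so it also recovers records left behind in stale or
free blocks: references to files no longer present in the folder.

Record layout (big-endian):
  uint32 name length (UTF-16 code units) | name (UTF-16BE)
  4-char structure id (Iloc, bwsp, cmmt, ...) | 4-char data type | payload
"""
import struct

# Payload encodings defined by the format; blob/ustr carry a uint32 length first.
DATA_TYPES = {b"long", b"shor", b"bool", b"blob", b"type", b"ustr", b"comp", b"dutc"}


def build_record(name, struct_id, dtype, payload):
    """Encode one record; used here only to construct the sample data below."""
    encoded = name.encode("utf-16-be")
    return struct.pack(">I", len(encoded) // 2) + encoded + struct_id + dtype + payload


def _read_payload(buf, pos, dtype):
    """Decode the payload at pos for the given data type; return (value, end)."""
    if dtype in (b"long", b"shor"):          # shor is stored padded to 4 bytes
        return struct.unpack_from(">I", buf, pos)[0], pos + 4
    if dtype == b"bool":
        return bool(buf[pos]), pos + 1
    if dtype == b"type":
        return buf[pos:pos + 4].decode("latin-1"), pos + 4
    if dtype in (b"comp", b"dutc"):
        return struct.unpack_from(">Q", buf, pos)[0], pos + 8
    n = struct.unpack_from(">I", buf, pos)[0]   # blob or ustr: length-prefixed
    if dtype == b"blob":
        return bytes(buf[pos + 4:pos + 4 + n]), pos + 4 + n
    return buf[pos + 4:pos + 4 + 2 * n].decode("utf-16-be"), pos + 4 + 2 * n


def carve_records(buf, max_name_len=255):
    """Scan every offset for a plausible record and return them in file order."""
    records, i = [], 0
    while i + 12 <= len(buf):
        n = struct.unpack_from(">I", buf, i)[0]
        if 1 <= n <= max_name_len:
            name_end = i + 4 + 2 * n
            sid, dtype = buf[name_end:name_end + 4], buf[name_end + 4:name_end + 8]
            if dtype in DATA_TYPES and len(sid) == 4 and sid.isalnum():
                try:
                    name = buf[i + 4:name_end].decode("utf-16-be")
                    value, end = _read_payload(buf, name_end + 8, dtype)
                except (UnicodeDecodeError, IndexError, struct.error):
                    i += 1
                    continue
                if name.isprintable() and end <= len(buf):
                    if sid == b"Iloc" and dtype == b"blob" and len(value) == 16:
                        value = struct.unpack_from(">II", value)  # icon x, y in the Finder window
                    records.append({"offset": i, "name": name, "struct_id": sid.decode(),
                                    "data_type": dtype.decode(), "value": value})
                    i = end   # skip the payload so its bytes are not re-matched
                    continue
        i += 1
    return records


def distinct_names(buf):
    """Every filename referenced anywhere in the file, live or stale."""
    return sorted({r["name"] for r in carve_records(buf)})


def _blob(raw):
    return struct.pack(">I", len(raw)) + raw


def _ustr(text):
    return struct.pack(">I", len(text)) + text.encode("utf-16-be")


# Constructed sample, not a real .DS_Store: header stub, live records for two
# files and the folder itself (name "."), zero filler standing in for a freed
# block, then stale records for a file that is no longer in the folder.
SAMPLE = (
    b"\x00\x00\x00\x01Bud1" + b"\x00" * 28
    + build_record("report.docx", b"Iloc", b"blob", _blob(struct.pack(">II", 64, 64) + b"\xff" * 8))
    + build_record("notes.txt", b"Iloc", b"blob", _blob(struct.pack(">II", 160, 64) + b"\xff" * 8))
    + build_record(".", b"bwsp", b"blob", _blob(b"bplist00"))
    + b"\x00" * 37
    + build_record("secret-draft.pdf", b"Iloc", b"blob", _blob(struct.pack(">II", 256, 64) + b"\xff" * 8))
    + build_record("secret-draft.pdf", b"cmmt", b"ustr", _ustr("Board deck, do not distribute"))
)

if __name__ == "__main__":
    for rec in carve_records(SAMPLE):
        print(f"{rec['offset']:6d}  {rec['name']:20s} {rec['struct_id']} {rec['data_type']} {rec['value']!r}")
    print("names referenced:", distinct_names(SAMPLE))
```

To run it against a real file, pass `open(path, "rb").read()` to `carve_records`. Because it never trusts the allocator's free list, names that a structure-walking parser would skip (the "deleted file" case in entry 177) show up alongside the live ones; treat them as evidence that the name once existed in that folder, not as proof of when it was removed.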
#DailyDFIR 175: @hackerfactor has a detailed post examining a plethora of approaches to detect timestamp manipulation in photos: https://t.co/2PeKWKNJ9S It is similar to #DFIR cases where the system clock was changed; you can use other factors to tell something is off.
https://twitter.com/_RyanBenson/status/1275440977675722752
Linked site: hackerfactor.com
#DailyDFIR 172: Metaspike has a couple of nice posts on the different kinds of encoded timestamps you may find in email messages: https://t.co/WHpFqzoBN8 https://t.co/nqecrYwZQa I don't examine emails very often, but I do like finding timestamps encoded in new places! #DFIR
https://twitter.com/_RyanBenson/status/1274453405105192960
Linked site: metaspike.com
#DailyDFIR 181: It's almost July, and that means more great #DFIR events! Check out the list @DfirDiva put together with a focus on beginners: https://t.co/GZzarsNS81 It includes the @DFIRSummit, which I'll be speaking at about Unfurl!
https://twitter.com/_RyanBenson/status/1277811820078628864
Linked site: dfirdiva.com
#DailyDFIR 174: @SwiftForensics wrote a good post on Screentime Notifications: https://t.co/u74yxWda2m Besides the content I like the post's format. It's relatively short & focused on a single artifact. Reminds me of 4n6k's "Forensics Quickies" from back in the day. #DFIR
https://twitter.com/_RyanBenson/status/1275072046712512520
Linked site: swiftforensics.com
#DailyDFIR 173: Few reference materials in #DFIR have remained as useful as @carrier4n6's "File System Forensic Analysis" (from 2005!): https://t.co/SyYKR2Vdqz This deep-dive into file systems is quite handy to have nearby (either for a case or for CTF trivia, @bethlogic). https://t.co/II3Zawv8lH
https://twitter.com/_RyanBenson/status/1274730294713520128
Linked site: digital-evidence.org
#DailyDFIR 171: @iamevltwin has (many!) updates to knowledgeC modules in APOLLO: https://t.co/v8zaUC3HcL https://t.co/myaQ8hv83g knowledgeC is a really interesting resource worth checking out if you are examining an iOS or macOS device! #DFIR
https://twitter.com/_RyanBenson/status/1274140811194560512
Linked site: mac4n6.com
#DailyDFIR 168: The @SANSInstitute @DFIRSummit is now FREE! It's a great event & it being online and free this year makes me happy b/c it's accessible to more people! July 16-17, 2020. Register: https://t.co/G0DG16TnuW Agenda: https://t.co/wLC6EYJYgM #DFIR #Infosec
https://twitter.com/_RyanBenson/status/1273030741161504768
Linked site: sans.org
#DailyDFIR 166: I use #Python to build #DFIR things. The @pythonbytes podcast is great for learning: https://t.co/3229V14De2 Confession: I haven't ever actually listened to an episode; I just skim the summaries to learn about new scripts & modules. Still really helpful!
https://twitter.com/_RyanBenson/status/1272388037490556928
Linked site: pythonbytes.fm
#DailyDFIR 165: Check out this nice resource by @technisette for finding the right OSINT tool: https://t.co/Yo9tHBXj5a It has an easy-to-browse collection of tools and tutorials grouped by category, or you can just search the whole thing! #DFIR #OSINT
https://twitter.com/_RyanBenson/status/1271992826323034113
Linked site: technisette.com
#DailyDFIR 162: Hindsight is 2020! Okay, it's actually v20200607, but I've been waiting years to make a bad "Hindsight 2020" joke. There's a new version of Hindsight! Features:
- #Python 3
- Supports #Chrome 1 - 83
- More Storage artifacts
https://t.co/6eorratUJO #DFIR
https://twitter.com/_RyanBenson/status/1270711815974969344
Linked site: dfir.blog
#DailyDFIR 161: @iamevltwin has a post on analyzing Apple TV using free tools she's built for iOS & Mac analysis - and it just works! It's sweet when tools do more than expected. https://t.co/6k4FjzLpjz It's a good reminder that #DFIR is more than phones, laptops & desktops.
https://twitter.com/_RyanBenson/status/1270538383194943489
Linked site: mac4n6.com
#DailyDFIR 160: @BlakDouble has a post explaining Favicon artifacts on mobile Safari and how it can sometimes provide insight into when pages were visited: https://t.co/AFQ2mkYbZ2 I've found the Chrome Favicons to be of similar use. #DFIR
https://twitter.com/_RyanBenson/status/1270208880493187074
Linked site: doubleblak.com
#DailyDFIR 159: DFRWS EU was last week. One interesting paper was "On Challenges in Verifying Trusted Executable Files in Memory Forensics" by Uroz & Rodríguez: Paper: https://t.co/zGeO3kmK3Z Slides: https://t.co/hpyckn6kme #DFIR #Volatility
https://twitter.com/_RyanBenson/status/1269786719533977600
Linked site: dfrws.org
#DailyDFIR 157: The @EFF has many good guides and how-tos. Check them out. You might learn something or find something relevant to send on to a less tech-savvy friend/family member/etc.: https://t.co/yWYpFMzsVF #DFIR #opsec
https://twitter.com/_RyanBenson/status/1269073792279535618
Linked site: ssd.eff.org
#DailyDFIR 156: @Hexacorn has a long-running (124 parts & counting!), truly impressive blog series on Windows persistence mechanisms called "Beyond good ol' Run key": https://t.co/i23tMv2hkd Check it out; I've learned a ton from following his research. #DFIR #Malware #Infosec
https://twitter.com/_RyanBenson/status/1268741245553135617
Linked site: hexacorn.com
#DailyDFIR 155: Do you like jigsaw puzzles, #DFIR, and want to reconstruct RDP screenshots? Then you need to check out @brianjmoran's talk from the #MVS2020! Slides: https://t.co/fLOreJ0FHC Code: https://t.co/17L77zUKMd #DFIR
https://twitter.com/_RyanBenson/status/1268309292660060160
Linked site: slideshare.net
#DailyDFIR 153: Do you need a way to manage threat intel? Check out yeti by @tomchop_ & @Sebdraven! https://t.co/rvCes8YHHE Yeti features:
- Organize observables, IOCs, TTPs & more
- Auto-enrichment
- Visualize relationships in graphs
- Open source #Python
- Web UI & API
https://twitter.com/_RyanBenson/status/1267656426802917376
Linked site: github.com
#DailyDFIR 152: Programming is an essential part of my #DFIR workflow. I know some in the field don't code (and that's fine); I just can't imagine myself doing this job without it. If you want to learn #Python, this new free course by @dabeaz looks good: https://t.co/XKV3Efmuk4
https://twitter.com/_RyanBenson/status/1267298834108932096
Linked site: dabeaz-course.github.io
#DailyDFIR 151: If you work with Macs, check out mac_apt by @SwiftForensics. It parses artifacts from disk images or live machines and just got some cool new features in this update. #DFIR #Python #infosec https://t.co/GmW3oHmuGU
https://twitter.com/_RyanBenson/status/1266917723868549120
Linked site: twitter.com
#DailyDFIR 150: Interested in doing #DFIR in multiple clouds with open source tools? Check out libcloudforensics! Features:
- Copy disks
- Query cloud logs
- Auto-create analysis VMs
- Works on #AWS & #GCP; #Azure coming soon!
https://t.co/0aptakqjiA #DFIR #Python #Infosec
https://twitter.com/_RyanBenson/status/1266458431650594816
Linked site: osdfir.blogspot.com