DailyDFIR

DailyDFIR

#DailyDFIR 179: New post by @hacktobeer showing how to query #AWS and #GCP logs using the libcloudforensics #Python module or CLI tool: 🔗 https://t.co/kY32U6ka9V 🔗 https://t.co/5AKjpLVykj #DFIR #Cloud
#DailyDFIR 179: New post by @hacktobeer showing how to query #AWS and #GCP logs using the libcloudforensics #Python module or CLI tool: 🔗 https://t.co/kY32U6ka9V 🔗 https://t.co/5AKjpLVykj #DFIR #Cloud
https://twitter.com/_RyanBenson/status/1276888647199907840
·osdfir.blogspot.com·
#DailyDFIR 179: New post by @hacktobeer showing how to query #AWS and #GCP logs using the libcloudforensics #Python module or CLI tool: 🔗 https://t.co/kY32U6ka9V 🔗 https://t.co/5AKjpLVykj #DFIR #Cloud
#DailyDFIR 169: Did you know you can often see how long someone was on a Google search page just from the URL? It's in the gs_l param & https://t.co/H5XHNrawum can show you it (and more!) @300Dfir covers it in his write-up on the #MVS2020CTF: 🔗 https://t.co/6yZaokNIMm #DFIR
#DailyDFIR 169: Did you know you can often see how long someone was on a Google search page just from the URL? It's in the gs_l param & https://t.co/H5XHNrawum can show you it (and more!) @300Dfir covers it in his write-up on the #MVS2020CTF: 🔗 https://t.co/6yZaokNIMm #DFIR
https://twitter.com/_RyanBenson/status/1273485362594148352
·dfir300.blogspot.com·
#DailyDFIR 169: Did you know you can often see how long someone was on a Google search page just from the URL? It's in the gs_l param & https://t.co/H5XHNrawum can show you it (and more!) @300Dfir covers it in his write-up on the #MVS2020CTF: 🔗 https://t.co/6yZaokNIMm #DFIR
#DailyDFIR 149: Small update to Unfurl 🌿 is out, with a few new features & fixes: 🖱️📋 Double-click a node to copy its value 🩳🔗 Add support for more short-links 🔂💬 Clarify ei parameter explanation Check it out at https://t.co/H5XHNrawum! More updates to come #DFIR
#DailyDFIR 149: Small update to Unfurl 🌿 is out, with a few new features & fixes: 🖱️📋 Double-click a node to copy its value 🩳🔗 Add support for more short-links 🔂💬 Clarify ei parameter explanation Check it out at https://t.co/H5XHNrawum! More updates to come #DFIR
https://twitter.com/_RyanBenson/status/1266073261936218113
·dfir.blog·
#DailyDFIR 149: Small update to Unfurl 🌿 is out, with a few new features & fixes: 🖱️📋 Double-click a node to copy its value 🩳🔗 Add support for more short-links 🔂💬 Clarify ei parameter explanation Check it out at https://t.co/H5XHNrawum! More updates to come #DFIR
#DailyDFIR 144: @13CubedDFIR has a ton of great video content on #DFIR topics, including: 🔹Windows Forensics 🔹Memory Forensics 🔹Malware Analysis 🔹Mobile Forensics Check it out! https://t.co/duqS8f35Fn
#DailyDFIR 144: @13CubedDFIR has a ton of great video content on #DFIR topics, including: 🔹Windows Forensics 🔹Memory Forensics 🔹Malware Analysis 🔹Mobile Forensics Check it out! https://t.co/duqS8f35Fn
https://twitter.com/_RyanBenson/status/1264343956520759296
·youtube.com·
#DailyDFIR 144: @13CubedDFIR has a ton of great video content on #DFIR topics, including: 🔹Windows Forensics 🔹Memory Forensics 🔹Malware Analysis 🔹Mobile Forensics Check it out! https://t.co/duqS8f35Fn
#DailyDFIR 142: Did you know Unfurl can parse more than URLs? Quick example: 🔸Open a SQLite DB 🔸See a column named "proto" (hint, hint) 🔸Copy hex bytes 🔸Paste into Unfurl 🔸Unfurl expands it & runs other parsers (ex: timestamp translated) 🔗https://t.co/08eKH0YCch #DFIR https://t.co/bF69V6jXmc
#DailyDFIR 142: Did you know Unfurl can parse more than URLs? Quick example: 🔸Open a SQLite DB 🔸See a column named "proto" (hint, hint) 🔸Copy hex bytes 🔸Paste into Unfurl 🔸Unfurl expands it & runs other parsers (ex: timestamp translated) 🔗https://t.co/08eKH0YCch #DFIR https://t.co/bF69V6jXmc
https://twitter.com/_RyanBenson/status/1263577939704115200
·twitter.com·
#DailyDFIR 142: Did you know Unfurl can parse more than URLs? Quick example: 🔸Open a SQLite DB 🔸See a column named "proto" (hint, hint) 🔸Copy hex bytes 🔸Paste into Unfurl 🔸Unfurl expands it & runs other parsers (ex: timestamp translated) 🔗https://t.co/08eKH0YCch #DFIR https://t.co/bF69V6jXmc
#DailyDFIR 140: I'll be speaking about Unfurl at the (virtual) @SANSInstitute DFIR Summit in July! (I missed when the agenda was first posted publicly, whoops). 🔗https://t.co/ZfRisFEVnM 🔗https://t.co/wLC6EYJYgM I'm looking forward to a lot of these talks! #DFIR #DFIRSummit
#DailyDFIR 140: I'll be speaking about Unfurl at the (virtual) @SANSInstitute DFIR Summit in July! (I missed when the agenda was first posted publicly, whoops). 🔗https://t.co/ZfRisFEVnM 🔗https://t.co/wLC6EYJYgM I'm looking forward to a lot of these talks! #DFIR #DFIRSummit
https://twitter.com/_RyanBenson/status/1262870628576575488
·sans.org·
#DailyDFIR 140: I'll be speaking about Unfurl at the (virtual) @SANSInstitute DFIR Summit in July! (I missed when the agenda was first posted publicly, whoops). 🔗https://t.co/ZfRisFEVnM 🔗https://t.co/wLC6EYJYgM I'm looking forward to a lot of these talks! #DFIR #DFIRSummit
#DailyDFIR 118: Did you know #Chrome tracks how long each page is open? "History" SQLite DB ➡️ "visits" table ➡️ "visit_duration" column ➡️ value in milliseconds. Hindsight will parse this for you as "Visit Duration": 🔗https://t.co/B7fJ9TxeZh #DFIR #Python
#DailyDFIR 118: Did you know #Chrome tracks how long each page is open? "History" SQLite DB ➡️ "visits" table ➡️ "visit_duration" column ➡️ value in milliseconds. Hindsight will parse this for you as "Visit Duration": 🔗https://t.co/B7fJ9TxeZh #DFIR #Python
https://twitter.com/_RyanBenson/status/1254921002376556544
·github.com·
#DailyDFIR 118: Did you know #Chrome tracks how long each page is open? "History" SQLite DB ➡️ "visits" table ➡️ "visit_duration" column ➡️ value in milliseconds. Hindsight will parse this for you as "Visit Duration": 🔗https://t.co/B7fJ9TxeZh #DFIR #Python
#DailyDFIR 93: Check out this excellent post by @SwiftForensics on parsing unknown protobufs: 🔗https://t.co/uUnzmg9GAj The demonstration of parsing a test "unknown" protobuf with different tools and comparing results was great! #DFIR #Android #Python #mobile4n6
#DailyDFIR 93: Check out this excellent post by @SwiftForensics on parsing unknown protobufs: 🔗https://t.co/uUnzmg9GAj The demonstration of parsing a test "unknown" protobuf with different tools and comparing results was great! #DFIR #Android #Python #mobile4n6
https://twitter.com/_RyanBenson/status/1245775612762918913
·swiftforensics.com·
#DailyDFIR 93: Check out this excellent post by @SwiftForensics on parsing unknown protobufs: 🔗https://t.co/uUnzmg9GAj The demonstration of parsing a test "unknown" protobuf with different tools and comparing results was great! #DFIR #Android #Python #mobile4n6
#DailyDFIR 90: ICYMI, there is new version of the "ved" Google URL parameter (it still has the timestamp ⏰). I've created a comparison write-up of "ved" #Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ #DFIR https://t.co/Qb2vvbGya9
#DailyDFIR 90: ICYMI, there is new version of the "ved" Google URL parameter (it still has the timestamp ⏰). I've created a comparison write-up of "ved" #Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ #DFIR https://t.co/Qb2vvbGya9
https://twitter.com/_RyanBenson/status/1244830284794613760
·dfir.blog·
#DailyDFIR 90: ICYMI, there is new version of the "ved" Google URL parameter (it still has the timestamp ⏰). I've created a comparison write-up of "ved" #Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ #DFIR https://t.co/Qb2vvbGya9
#DailyDFIR 87: Check out the daily CTF from @NW3CNews. Each part is small, so you can try some even if your time is limited: 🔗https://t.co/UvyAgJ8fDf I like CTFs because they are a fun way to exercise skills you might not use in your day-to-day. #DFIR #OSINT #CTF
#DailyDFIR 87: Check out the daily CTF from @NW3CNews. Each part is small, so you can try some even if your time is limited: 🔗https://t.co/UvyAgJ8fDf I like CTFs because they are a fun way to exercise skills you might not use in your day-to-day. #DFIR #OSINT #CTF
https://twitter.com/_RyanBenson/status/1243607474516590592
·nw3.ctfd.io·
#DailyDFIR 87: Check out the daily CTF from @NW3CNews. Each part is small, so you can try some even if your time is limited: 🔗https://t.co/UvyAgJ8fDf I like CTFs because they are a fun way to exercise skills you might not use in your day-to-day. #DFIR #OSINT #CTF
I've spotted a new version of the useful "ved" #Google URL parameter. #DailyDFIR 58: I created a comparison write-up of "ved" Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ Don't worry #DFIR, the timestamp is still there! ⏰ https://t.co/kIUj2IeWLm
I've spotted a new version of the useful "ved" #Google URL parameter. #DailyDFIR 58: I created a comparison write-up of "ved" Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ Don't worry #DFIR, the timestamp is still there! ⏰ https://t.co/kIUj2IeWLm
https://twitter.com/_RyanBenson/status/1233097224529178625
·dfir.blog·
I've spotted a new version of the useful "ved" #Google URL parameter. #DailyDFIR 58: I created a comparison write-up of "ved" Google URL parameters and how to parse them, including the new v2 type: 🔗https://t.co/HqnumPxVDZ Don't worry #DFIR, the timestamp is still there! ⏰ https://t.co/kIUj2IeWLm
#DailyDFIR 57: Ever wondered what a value buried in a Chrome artifact means? I've collected some of the ones I find helpful for easy reference: 🔗https://t.co/Op40XXkGnj Personal favorite: "The download was ... danger[ous], but the user told us to go ahead anyway" #YOLO #DFIR
#DailyDFIR 57: Ever wondered what a value buried in a Chrome artifact means? I've collected some of the ones I find helpful for easy reference: 🔗https://t.co/Op40XXkGnj Personal favorite: "The download was ... danger[ous], but the user told us to go ahead anyway" #YOLO #DFIR
https://twitter.com/_RyanBenson/status/1232686309581262848
·dfir.blog·
#DailyDFIR 57: Ever wondered what a value buried in a Chrome artifact means? I've collected some of the ones I find helpful for easy reference: 🔗https://t.co/Op40XXkGnj Personal favorite: "The download was ... danger[ous], but the user told us to go ahead anyway" #YOLO #DFIR
#DailyDFIR 36: Chrome v80 is here! I've updated my interactive "evolution" visualization. You can explore how the structure of the data that makes up your browsing history has changed through #Chrome's many versions: 🔗https://t.co/tyR4hbFVyV #DFIR #dataviz https://t.co/wJDv7bjfac
#DailyDFIR 36: Chrome v80 is here! I've updated my interactive "evolution" visualization. You can explore how the structure of the data that makes up your browsing history has changed through #Chrome's many versions: 🔗https://t.co/tyR4hbFVyV #DFIR #dataviz https://t.co/wJDv7bjfac
https://twitter.com/_RyanBenson/status/1225081455732092928
·dfir.blog·
#DailyDFIR 36: Chrome v80 is here! I've updated my interactive "evolution" visualization. You can explore how the structure of the data that makes up your browsing history has changed through #Chrome's many versions: 🔗https://t.co/tyR4hbFVyV #DFIR #dataviz https://t.co/wJDv7bjfac
UUIDs (universally unique identifiers) are everywhere online. UUIDv4 is the most common (random), but UUIDv1 (time-based) is still out there. #DailyDFIR 7: The 13th digit (or 1st of 3rd group) is a quick way to tell if a UUID holds a timestamp⏰ 🔗https://t.co/BjawVb8pzg #DFIR https://t.co/saqSR6esHU
UUIDs (universally unique identifiers) are everywhere online. UUIDv4 is the most common (random), but UUIDv1 (time-based) is still out there. #DailyDFIR 7: The 13th digit (or 1st of 3rd group) is a quick way to tell if a UUID holds a timestamp⏰ 🔗https://t.co/BjawVb8pzg #DFIR https://t.co/saqSR6esHU
https://twitter.com/_RyanBenson/status/1214565984993861632
·twitter.com·
UUIDs (universally unique identifiers) are everywhere online. UUIDv4 is the most common (random), but UUIDv1 (time-based) is still out there. #DailyDFIR 7: The 13th digit (or 1st of 3rd group) is a quick way to tell if a UUID holds a timestamp⏰ 🔗https://t.co/BjawVb8pzg #DFIR https://t.co/saqSR6esHU
"January's #DailyDFIR theme will be URLs and the things you can find inside of them. #DailyDFIR 1: Unfurl takes a URL and expands ("unfurls") it into a graph to show data it contains. It's amazing how much can be hidden inside URLs! 🛠️🌿 #DFIR 🔗https://t.co/ZfRisFEVnM https://t.co/Ti84QqEh7E"
"January's #DailyDFIR theme will be URLs and the things you can find inside of them. #DailyDFIR 1: Unfurl takes a URL and expands ("unfurls") it into a graph to show data it contains. It's amazing how much can be hidden inside URLs! 🛠️🌿 #DFIR 🔗https://t.co/ZfRisFEVnM https://t.co/Ti84QqEh7E"
https://twitter.com/_RyanBenson/status/1212511076534800384
·dfir.blog·
"January's #DailyDFIR theme will be URLs and the things you can find inside of them. #DailyDFIR 1: Unfurl takes a URL and expands ("unfurls") it into a graph to show data it contains. It's amazing how much can be hidden inside URLs! 🛠️🌿 #DFIR 🔗https://t.co/ZfRisFEVnM https://t.co/Ti84QqEh7E"
#DailyDFIR 366: It's here, the end of 2020! I've finished my year of tweeting about #DFIR topics every single day. I've put together a wrap-up post: 🔗 https://t.co/eePvJX9wQp Thanks to all of #DFIR; I couldn't have found 366 positive things to tweet about without your work! https://t.co/RLFmUNoKq6" / Twitter
#DailyDFIR 366: It's here, the end of 2020! I've finished my year of tweeting about #DFIR topics every single day. I've put together a wrap-up post: 🔗 https://t.co/eePvJX9wQp Thanks to all of #DFIR; I couldn't have found 366 positive things to tweet about without your work! https://t.co/RLFmUNoKq6" / Twitter
https://twitter.com/_RyanBenson/status/1344769819887865856
·dfir.blog·
#DailyDFIR 366: It's here, the end of 2020! I've finished my year of tweeting about #DFIR topics every single day. I've put together a wrap-up post: 🔗 https://t.co/eePvJX9wQp Thanks to all of #DFIR; I couldn't have found 366 positive things to tweet about without your work! https://t.co/RLFmUNoKq6" / Twitter
#DailyDFIR 364: A new Plaso release (20201228) is here! Updates: libfshfs added as option to improve HFS/HFSX parsing filestat parser supports more timestamp types libfsxfs added to provide XFS support and more! Post with more details: https://t.co/1Q51v6jv7v #DFIR
#DailyDFIR 364: A new Plaso release (20201228) is here! Updates: libfshfs added as option to improve HFS/HFSX parsing filestat parser supports more timestamp types libfsxfs added to provide XFS support and more! Post with more details: https://t.co/1Q51v6jv7v #DFIR
http://twitter.com/_RyanBenson/status/1344076238827098112
·osdfir.blogspot.com·
#DailyDFIR 364: A new Plaso release (20201228) is here! Updates: libfshfs added as option to improve HFS/HFSX parsing filestat parser supports more timestamp types libfsxfs added to provide XFS support and more! Post with more details: https://t.co/1Q51v6jv7v #DFIR
#DailyDFIR 363: @SANSInstitute is having a free "Cyber Camp" for teens starting TOMORROW: https://t.co/AHsh9e69N9 It looks like a neat event with lots of hands-on learning opportunities (& even a #CTF). I think this info is useful for all not just those getting into #DFIR.
#DailyDFIR 363: @SANSInstitute is having a free "Cyber Camp" for teens starting TOMORROW: https://t.co/AHsh9e69N9 It looks like a neat event with lots of hands-on learning opportunities (& even a #CTF). I think this info is useful for all not just those getting into #DFIR.
http://twitter.com/_RyanBenson/status/1343696918531039233
·sans.org·
#DailyDFIR 363: @SANSInstitute is having a free "Cyber Camp" for teens starting TOMORROW: https://t.co/AHsh9e69N9 It looks like a neat event with lots of hands-on learning opportunities (& even a #CTF). I think this info is useful for all not just those getting into #DFIR.
#DailyDFIR 362: More email forensics: @phillmoore has a write-up on the week 2 @MetaspikeHQ CTF: https://t.co/Sg20XyUPOR Besides walking through the questions Phill has some excellent links in the article for further reading on some of the nuances of analyzing email. #DFIR
#DailyDFIR 362: More email forensics: @phillmoore has a write-up on the week 2 @MetaspikeHQ CTF: https://t.co/Sg20XyUPOR Besides walking through the questions Phill has some excellent links in the article for further reading on some of the nuances of analyzing email. #DFIR
http://twitter.com/_RyanBenson/status/1343421403492544517
·thinkdfir.com·
#DailyDFIR 362: More email forensics: @phillmoore has a write-up on the week 2 @MetaspikeHQ CTF: https://t.co/Sg20XyUPOR Besides walking through the questions Phill has some excellent links in the article for further reading on some of the nuances of analyzing email. #DFIR
#DailyDFIR 361: Want to learn about static malware analysis? @jstrosch has put together an exercise (with solutions) around analyzing a malicious document: https://t.co/VoUpZFEaZ4 These kinds of challenges are great for those interested in #DFIR & like to learn by doing.
#DailyDFIR 361: Want to learn about static malware analysis? @jstrosch has put together an exercise (with solutions) around analyzing a malicious document: https://t.co/VoUpZFEaZ4 These kinds of challenges are great for those interested in #DFIR & like to learn by doing.
http://twitter.com/_RyanBenson/status/1342992959566856193
·github.com·
#DailyDFIR 361: Want to learn about static malware analysis? @jstrosch has put together an exercise (with solutions) around analyzing a malicious document: https://t.co/VoUpZFEaZ4 These kinds of challenges are great for those interested in #DFIR & like to learn by doing.
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
http://twitter.com/_RyanBenson/status/1341917175783645184
·youtube.com·
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
http://twitter.com/_RyanBenson/status/1341917175783645184
·youtube.com·
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
#DailyDFIR 357: @KevinPagano3 digs into the #Google Docs #Android app with a look at what's in the DBs links to SQL queries & ALEAPP parser! https://t.co/F92cBt2Xg7 You can also find references to "cello" in Chrome artifacts; it's good to remember it's Docs-related. #DFIR
#DailyDFIR 357: @KevinPagano3 digs into the #Google Docs #Android app with a look at what's in the DBs links to SQL queries & ALEAPP parser! https://t.co/F92cBt2Xg7 You can also find references to "cello" in Chrome artifacts; it's good to remember it's Docs-related. #DFIR
http://twitter.com/_RyanBenson/status/1341599853105668096
·stark4n6.com·
#DailyDFIR 357: @KevinPagano3 digs into the #Google Docs #Android app with a look at what's in the DBs links to SQL queries & ALEAPP parser! https://t.co/F92cBt2Xg7 You can also find references to "cello" in Chrome artifacts; it's good to remember it's Docs-related. #DFIR
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
http://twitter.com/_RyanBenson/status/1341227733485932545
·kyl3song.github.io·
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
http://twitter.com/_RyanBenson/status/1341227733485932545
·kyl3song.github.io·
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
http://twitter.com/_RyanBenson/status/1340876305315708929
·bakerstreetforensics.com·
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
http://twitter.com/_RyanBenson/status/1340876305315708929
·stark4n6.com·
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!