#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
http://twitter.com/_RyanBenson/status/1340876305315708929
·ciofecaforensics.com·
#DailyDFIR 354: @mattiaep starts a series on #IoT forensics starting with digging into a Smart refrigerator from the @vto_labs dataset: Blog: https://t.co/yrgVhPfCFI IoT dataset: https://t.co/UbQ1VRKZ9S It's always interesting seeing what's extracted from these devices! #DFIR
http://twitter.com/_RyanBenson/status/1340502363124088833
·vtolabs.com·
·blog.digital-forensics.it·
#DailyDFIR 353: Want to see what a user did in #Chrome? Hindsight is an open source tool for analyzing a wide range of Chrome artifacts: https://t.co/B7fJ9TxeZh For those who've used it before there's more good stuff coming soon - a few cool new features in the works! #DFIR https://t.co/SsLsNK2c5T
http://twitter.com/_RyanBenson/status/1340140411726098433
·twitter.com·
·github.com·
#DailyDFIR 352: @kviddy has two posts on LevelDB & Chrome's IndexedDB... & a parser in #Python! https://t.co/VewlTlh29F https://t.co/QW6Zdkkrt0 https://t.co/iQ4EXJJCyJ LevelDB is in many places in Chrome (& beyond); this code makes parsing it much easier. Thanks Alex!
http://twitter.com/_RyanBenson/status/1339802569040785409
·cclsolutionsgroup.com·
·github.com·
#DailyDFIR 351: The "ved" parameter in a Google search URL gives insight about the link that was clicked on. A new type (starting with 2) was spotted in early 2020 but the older types are still prevalent. Info on ved types & parsing: https://t.co/HqnumPxVDZ #DFIR #OSINT https://t.co/JGAQIPpxWj
http://twitter.com/_RyanBenson/status/1339408824994680836
·twitter.com·
#DailyDFIR 350: @SecHubb launched a new mini-series called "12 Days of Defense" covering some of the common tasks those beginning in #DFIR or SOC work are likely to encounter: https://t.co/lkzWfRjVmg There are 5 videos out now with more coming each day! Check it out!
http://twitter.com/_RyanBenson/status/1339057833673850880
·youtube.com·
#DailyDFIR 349: Many open source #DFIR projects use #Git - which can be a bit confusing especially when starting out. This interactive site visualizes what git commands do: https://t.co/UdM8mJNfNI It's neat how the tree graphic updates as you type commands! #Python #github
http://twitter.com/_RyanBenson/status/1338506029399748610
·onlywei.github.io·
#DailyDFIR 348: There are a bunch of #DFIR #CTFs out there now (which is great!) @MetaspikeHQ has one that's a bit different - it's focused on email forensics: https://t.co/TvUlaEhe6b I don't do this kind of analysis often so it's nice to practice these skills.
http://twitter.com/_RyanBenson/status/1338261220579655681
·ctf.metaspike.com·
#DailyDFIR 347: This day a year ago I released Unfurl. A lot has happened in the world in that year (bit of an understatement I know). I'm thankful for the kind words and contributions (both code & ideas) to Unfurl from the #DFIR community. More to come this next year! https://t.co/JWtKZVLQpN
http://twitter.com/_RyanBenson/status/1337907600730427393
·twitter.com·
#DailyDFIR 346: I've added JSON file expansion to the "Chrome Evolution" visualization: https://t.co/EFjQ4er6BZ JSON files (Bookmarks, Preferences, etc.) hold valuable info. Like SQLite DBs their structure changes over #Chrome versions; now you can expand & explore it! #DFIR https://t.co/kOAMd6VBtC
http://twitter.com/_RyanBenson/status/1337546872194416641
·twitter.com·
#DailyDFIR 345: The 2020 @SANSInstitute #HolidayHack Challenge is here! Challenge: https://t.co/Gy1amgLWHm Welcome & Tips video: https://t.co/KcViKto8rA This is a fun annual holiday-themed #DFIR #CTF (with lots of hidden surprises!)
http://twitter.com/_RyanBenson/status/1337089491622772737
·holidayhackchallenge.com·
·youtube.com·
#DailyDFIR 344: Here are two posts on the @MagnetForensics memory forensics #CTF: https://t.co/3mqSbFOfwK by @KevinPagano3 https://t.co/rufVkAauGr by @dwmetz It's nice to see how others do #DFIR; you'll often learn new things! I didn't know about MemProcFS but it looks neat.
http://twitter.com/_RyanBenson/status/1336883530240946178
·stark4n6.com·
·bakerstreetforensics.com·
#DailyDFIR 343: @B1N2H3X has a post about many ways to share in #DFIR: https://t.co/hCFjRAcUeq It's more than just "write a blog post" (although that is good to do!) There are so many ways to share & contribute and Jessica does a great job leading by example on this front.
http://twitter.com/_RyanBenson/status/1336468735385686016
·magnetforensics.com·
#DailyDFIR 342: @SwiftForensics will be talking about Spotlight indexing on #iOS & #macOS in a free webinar from @NW3CNews! Starts in two hours: 9am Pacific / 12pm Eastern Register: https://t.co/bBnHQM5QTQ There's very interesting data in Spotlight; it's great for #DFIR
http://twitter.com/_RyanBenson/status/1335962267934892032
·nw3c.org·
#DailyDFIR 341: See search suggestions in the #Chrome omnibox with a picture & bit of context? If you click that suggestion and do the search the search results URL has a gs_ssp parameter. It's base64zipprotobuf & Unfurl (https://t.co/H5XHNrawum) can parse it for you! #DFIR https://t.co/DhpZoAmPOG
http://twitter.com/_RyanBenson/status/1335758818601361411
·twitter.com·
#DailyDFIR 340: Expecting more evidence from a phone than you got? This post from @HeatherMahalik describes how you can determine if (& if so when) an #iOS device was wiped: https://t.co/e9XWyefTjo #DFIR #mobile4n6
http://twitter.com/_RyanBenson/status/1335284803843846147
·cellebrite.com·
#DailyDFIR 339: A new version of APOLLO from @iamevltwin is out! Lots of updates for iOS14 & macOS 11 and also added "gather" functions to collect the SQLite DBs from target devices: Blog: https://t.co/83Jh8dKcYC Tool: https://t.co/myaQ8hv83g #DFIR #mac4n6 #Python
http://twitter.com/_RyanBenson/status/1335012080437481474
·mac4n6.com·
·github.com·
#DailyDFIR 338: Looking for a #DFIR tool reference or video but aren't quite sure which one? @KevinPagano3 has a @startme page that might help you out: https://t.co/NKeITluoB4 I like looking through people's lists of tools & resources; I almost always find something new!
http://twitter.com/_RyanBenson/status/1334701621381529602
·stark4n6.com·
#DailyDFIR 337: @theAtropos4n6 has a post on examining Windows Event Logs to identify volumes & VSNs on USB drives: https://t.co/J8dwfGi731 This isn't a new artifact but the thorough research methodology could help you see something that otherwise might be overlooked. #DFIR
http://twitter.com/_RyanBenson/status/1334343970109812739
·atropos4n6.com·
#DailyDFIR 336: I'm not sure how or when but I have a feeling that the M1 Mac clock ticking every 41.67 ns (instead of every 1 ns) is going to cause #DFIR pain: https://t.co/rNwjQmR0Ge @howardnoakley's blog is a great source of in-depth technical explanations on Mac topics!
http://twitter.com/_RyanBenson/status/1333985252348346372
·eclecticlight.co·
#DailyDFIR 335: There's a great deal from @humble right now - while it's called the "Hacking 101" bundle it has great #DFIR titles from @nostarch like @mikesiko's Practical Malware Analysis & @chrissanders88's Practical Packet Analysis: https://t.co/AW0xinFFoM Check it out!
http://twitter.com/_RyanBenson/status/1333582910402641925
·humblebundle.com·