#DailyDFIR 306: Happy end of Daylight Savings Time! (maybe depending on where you are.) If all these clock shenanigans have ever driven you a bit nuts during an incident this guy can relate: https://t.co/sebzEbtucr #DFIR
http://twitter.com/_RyanBenson/status/1323100022943014913
·youtube.com·
#DailyDFIR 304: @ElcomSoft's blog just hit the 500 posts mark! That's quite the accomplishment. In addition to the hundreds of posts they've written they also list some free or open source tools you can add to your arsenal: https://t.co/VBwbgeN5ZD #DFIR #mobile4n6
http://twitter.com/_RyanBenson/status/1322377417634193408
·blog.elcomsoft.com·
#DailyDFIR 301: Today on #CacheUp with @B1N2H3X I talked a little about how I've generated test "user data" for every version of Chrome to use for tool development. If you'd like more info on the process I use check out: https://t.co/jgm2m5ZxRr #DFIR #Chrome #dataviz #Python
http://twitter.com/_RyanBenson/status/1321289441248530432
·dfir.blog·
#DailyDFIR 300: I'll be on #CacheUp tomorrow morning! Come watch live or catch the replay/podcast version later. If there's any specific questions or things you'd like to see on the episode let me know! #DFIR https://t.co/BHsW1vqt0n
http://twitter.com/_RyanBenson/status/1320873146002542597
·twitter.com·
#DailyDFIR 299: The #CellebriteCTF just went live! Check it out for some mobile forensics challenges! https://t.co/yb7CTmcAtE Even if you are new to analyzing phones give it a try. There's no better way to learn than getting your hands dirty. #DFIR
http://twitter.com/_RyanBenson/status/1320583630482108416
·cellebrite.ctfd.io·
#DailyDFIR 295: @FIRSTdotOrg has released an ethics framework for #DFIR and #infosec teams divided into 12 principles: https://t.co/MIlWHDYEQC Those of us in #DFIR positions often have incredible access, power and trust; we need to act ethically and responsibly.
http://twitter.com/_RyanBenson/status/1319134907847725057
·ethicsfirst.org·
#DailyDFIR 294: Kubernetes is great and all but what happens if you have a security incident and need to investigate the cluster? @jason_solomon explains how to deploy and use GRR to dig into incidents in #k8s: https://t.co/GHy4s9jKQ4 #DFIR #Kubernetes #Docker
http://twitter.com/_RyanBenson/status/1318760666233122817
·osdfir.blogspot.com·
#DailyDFIR 292: The "Wellbeing" database on #Android devices tracks an incredible amount of things & can be used to create detailed timelines. Watch this video from @AlexisBrignoni & @josh_hickman1 to learn more about it: https://t.co/uIINhbgg9Q #DFIR #mobile4n6 #DFIRSummit
http://twitter.com/_RyanBenson/status/1318025836293885952
·youtube.com·
#DailyDFIR 291: Want to know what information you can extract from the @Apple HomePod and other HomeKit devices? Check out this presentation by @mattiaep from the @SANSInstitute @DFIRSummit 2020: https://t.co/0P3kgv6LB6 #DFIR #Apple #iOS
http://twitter.com/_RyanBenson/status/1317663967888637952
·youtube.com·
#DailyDFIR 290: @ShaneHuntley on what @Google's Threat Analysis Group is seeing: Phishing by APT groups targeting US elections; Threat actors targeting drug companies & COVID-19 researchers; Tackling state-sponsored DDoS attacks. Post: https://t.co/ummLRFP5pE #DFIR
http://twitter.com/_RyanBenson/status/1317304361203109890
·blog.google·
#DailyDFIR 287: #Chrome 86 added a new SQLite database: Media History. It tracks (some) videos played, watch times and more! I did some testing to see how it works: https://t.co/cm2tCcbHbQ If you have a case where videos watched is key, this new artifact might help! #DFIR
http://twitter.com/_RyanBenson/status/1316018659039481861
·dfir.blog·
#DailyDFIR 286: I've updated my "Chrome Evolution" visualization with the latest #Chrome versions. https://t.co/EFjQ4er6BZ It has interactive collapsible trees for each Chrome version (1-86) showing the files that store browsing history. See how artifacts change! #DFIR https://t.co/Yc54DcH8s3
http://twitter.com/_RyanBenson/status/1315862670612918274
·twitter.com·
#DailyDFIR 284: @kal_inko has a three-part analysis of the HealthMate #Android app from @WithingsEN: 1 https://t.co/WbVEhQdEFT 2 https://t.co/bk8lpv0Jiy 3 https://t.co/AH7VHfM1Tj Lots of good stuff in there! Timelines, locations, users, messages & more! #DFIR #mobile4n6
http://twitter.com/_RyanBenson/status/1315084183794929664
·bebinary4n6.blogspot.com·
#DailyDFIR 283: @josh_hickman1 released a new #Android 11 image! Like the others he's done, it's great for testing tools, exploring data & finding new things to parse. All the user actions are documented so you can compare app data to actions. https://t.co/1SuKYRJRde #DFIR
http://twitter.com/_RyanBenson/status/1314706013665153024
·thebinaryhick.blog·
#DailyDFIR 282: Check out this (free!) #DFIR training from the one & only @carrier4n6! The name may start with "Intro" but being able to divide an investigation into manageable discrete tasks is valuable for all levels. https://t.co/zmTZ5peRJl
http://twitter.com/_RyanBenson/status/1314385665946075137
·twitter.com·
A bit more on Zip files... #DailyDFIR 281: @GlassSec had a nice presentation really diving into ZIP internals: https://t.co/Q6LQM4sybG Check out the slides I learned a lot. There's lots of other good #DFIR stuff on his site https://t.co/4g3XxCJoUr (& amazing domain name!)
http://twitter.com/_RyanBenson/status/1314058430009622528
·jon.glass·
·slideplayer.com·
#DailyDFIR 280: Looking at files inside an archive (ZIP, 7z, RAR or CAB) and seeing some timestamps that just don't quite look right? Check out this post by @joshlemon exploring how the different formats and tools can alter timestamps: https://t.co/8GKsJFVTMI #DFIR
http://twitter.com/_RyanBenson/status/1313686442887966720
·blog.joshlemon.com.au·