#DailyDFIR 278: I still have some Unfurl stickers left! If you'd like one send me a DM or email with where you'd like it sent (while they last). I've loved all the stickers being sent around in #DFIR; it makes not having live conferences a bit better. https://t.co/MpnnnnrxOH
#DailyDFIR 277: Nice post by @_D00mfist (from @SpecterOps) outlining a #macOS persistence technique. It uses the Dock and is similar in concept to persisting via Windows .LNK files: https://t.co/GEAsYB2sGT Bonus points for including detection tips as well! #DFIR
#DailyDFIR 276: The #OSDFCon agenda has been released. It's online, free, and you can still register! Agenda: https://t.co/rCX3pZW8Yv Register: https://t.co/nrIU6KcrAf Come see talks about great #opensource #DFIR tools!
#DailyDFIR 275: Hunting for webshells? Check out this tool & post by @Tstillz1. It's cross-platform, multi-threaded, and handles many obfuscation types. Post: https://t.co/DRMOGqCF6S Tool: https://t.co/V67UAGecqT #DFIR #webshell #Golang
#DailyDFIR 274: @SANSInstitute is hosting a free online event tomorrow (Oct-1) called "BIPOC in Cybersecurity Forum: From Inclusion to Equity" hosted by @hexplates & @stephenahart and featuring many more great speakers. Check it out! https://t.co/st0FGaZklk #DFIR #InfoSec
#DailyDFIR 273: A few weeks ago I was on "Life Has No CtrlAltDel" with @HeatherMahalik giving an overview of Unfurl (https://t.co/H5XHNrawum), how to use it, & walking through (many) examples. The video recording is now up! https://t.co/7vf7frXS3f #DFIR @Cellebrite_UFED
#DailyDFIR 272: @NW3CNews is back with another round of small CTFs! The last ones were fun and this new set is focused on #OSINT. Starts October 4th; sign up: https://t.co/UvyAgJ8fDf #CTF #DFIR
#DailyDFIR 271: In case you missed @DFRWS USA 2020 (like me) @ForensicFocus has a nice recap of the event: https://t.co/MrOhPecob4 Lots of interesting talks I'd love to see; anyone know if recordings will be posted? Since it was virtual I'm hoping there's a chance. #DFIR
#DailyDFIR 270: Check out @joachimmetz's post on testing digital forensic data processing tools: https://t.co/h6MWv5Is6v The work we do in #DFIR is important; it can have serious consequences. It's important that our tools are as robust, accurate & transparent as possible.
#DailyDFIR 269: My "Tinkering with TikTok Timestamps" post finished peer-review and is posted on @DFIRReview! Check it out if you want to learn how to extract when a #TikTok video was posted from the URL alone (even if video is deleted or private). #DFIR https://t.co/lMJHmdYrBG https://t.co/lPI3NEjwr9
@forensicmike1 @rasriis Yeah definitely. @CiofecaForensic has a great post on iteratively building a .proto (https://t.co/MiQWuMY3V6) and @SwiftForensics has one comparing different protobuf-decoding methods (https://t.co/uUnzmg9GAj)
#DailyDFIR 268: If you've looked at Google search URLs you might have noticed the "ved" parameter in the query string. Some fun facts about it: there are four versions of the "ved"; two versions contain timestamps. More: https://t.co/HqnumPxVDZ #DFIR #OSINT #TBT https://t.co/Urc3bckXwa
RT @ludoblock: There is so much (more) to learn from URLs; see this very comprehensive talk by @_RyanBenson on Unfurl: https://t.co/zRXl4ubWVv I should say this is mandatory stuff for any #OSINT practitioner.
#DailyDFIR 266: Looking for a #DFIR CTF to test your skills? How about dozens of them with walkthroughs on a wide range of topics? Check out the "Challenges & CTFs" page: https://t.co/fSN5Iak9bK
#DailyDFIR 265: More #iOS14 #DFIR resources: @HeatherMahalik reviews different acquisition methods & common artifacts for iOS 14: https://t.co/7ujgXtEAfS checkra1n support for iOS 14 (older devices only): https://t.co/9FiJGm1p5N #mobile4n6
RT @Cheeky4n6Monkey: Watch @_RyanBenson's SANS DFIR Summit 2020 presentation to learn more about his cool tool "unfurl" here: https://t.co/UoPbnlNZmG Bonus: Ryan also highlights some interesting "hidden" URL parameters/metadata, e.g. timestamps, GUIDs. Awesome stuff!
#DailyDFIR 264: New blog started by @theAtropos4n6 has some nice posts on cloud sync apps (Dropbox, Google Drive) and the Chrome Logins database: https://t.co/llBImRkAPr Great job, excited to see what comes next! #DFIR
#DailyDFIR 263: This detailed post by @CiofecaForensic shows the iterative process of detective work used to build a .proto file for an unknown protobuf: https://t.co/MiQWuMY3V6 If you are interested in learning to decipher unknown protobufs this post is a great read. #DFIR
#DailyDFIR 262: Check out the video of @williballenthin's talk on automatically identifying malware capabilities with their open source capa tool: https://t.co/xaVC4NxGDV Great talk from the @SANSInstitute @DFIRSummit. #DFIR #RE
#DailyDFIR 261: iOS 14 is here! Here are a few "what's changed for #DFIR" posts: https://t.co/Eg0QA60lNm & https://t.co/albpK5v6oR by @cScottVance, https://t.co/aebZ5Mqpf9 by @CiofecaForensic. tl;dr: it's mostly the same (minor changes). More differences will appear as we dig in.