#DailyDFIR 261: iOS 14 is here! Here's a few "what's changed for #DFIR" posts: https://t.co/Eg0QA60lNm & https://t.co/albpK5v6oR by @cScottVance https://t.co/aebZ5Mqpf9 by @CiofecaForensic tl;dr: it's mostly the same (minor changes). More differences will appear as we dig in.

#DailyDFIR 261: iOS 14 is here! Here's a few "what's changed for #DFIR" posts: https://t.co/Eg0QA60lNm & https://t.co/albpK5v6oR by @cScottVance https://t.co/aebZ5Mqpf9 by @CiofecaForensic tl;dr: it's mostly the same (minor changes). More differences will appear as we dig in.

Ryan Benson on Twitter

#DailyDFIR 260: You can tell when a file attachment was uploaded to @discord just from the URL. In @AlexisBrignoni's example in his blog post the message timestamp is slightly after the embedded file upload timestamp. https://t.co/DAqqNi485l Nice bit of confirmation! #DFIR https://t.co/OzNtyorc43

#DailyDFIR 260: You can tell when a file attachment was uploaded to @discord just from the URL. In @AlexisBrignoni's example in his blog post the message timestamp is slightly after the embedded file upload timestamp. https://t.co/DAqqNi485l Nice bit of confirmation! #DFIR https://t.co/OzNtyorc43

Continuing on the search engines theme: #DailyDFIR 259: Unfurl can also parse @DuckDuckGo search URLs: https://t.co/zR9cP4VhjV #DFIR #DDG https://t.co/VgkH0bNf3v

Continuing on the search engines theme: #DailyDFIR 259: Unfurl can also parse @DuckDuckGo search URLs: https://t.co/zR9cP4VhjV #DFIR #DDG https://t.co/VgkH0bNf3v

Ryan Benson on Twitter

#DailyDFIR 258: The video of my talk on Unfurl (https://t.co/H5XHNrawum) at the @SANSInstitute #DFIRSummit is up! https://t.co/2r4GcoPskd I covered what Unfurl is how it works interesting use cases general investigative principles & where to get it! #DFIR @DFIRSummit

#DailyDFIR 258: The video of my talk on Unfurl (https://t.co/H5XHNrawum) at the @SANSInstitute #DFIRSummit is up! https://t.co/2r4GcoPskd I covered what Unfurl is how it works interesting use cases general investigative principles & where to get it! #DFIR @DFIRSummit

#DailyDFIR 257: You probably know that Unfurl can parse Google searches but did you know it can also parse @bing search URLs? https://t.co/rElur0UivP There isn't as much there but still some potentially interesting things. #DFIR https://t.co/SS9hOkvXiZ

#DailyDFIR 257: You probably know that Unfurl can parse Google searches but did you know it can also parse @bing search URLs? https://t.co/rElur0UivP There isn't as much there but still some potentially interesting things. #DFIR https://t.co/SS9hOkvXiZ

#DailyDFIR 256: It's almost time ... #DFIR #ILikeTimestampsTooMuch https://t.co/HVnKgbZ9aY

#DailyDFIR 255: Check out the new release from @AlexisBrignoni! SQLite output for ILEAPP and ALEAPP is great for integration with other tools. #DFIR https://t.co/vaqFa3HGie

#DailyDFIR 254: @MwOsint & @Sector035 describe how they went from noticing a suspicious account to unravelling a massive scam and demonstrate some great #OSINT tools & techniques along the way! https://t.co/EW6s6ZlO0P #DFIR #OSINT #maltego

#DailyDFIR 253: @SteveSyfuhs has a detailed step-by-step explanation of the Windows logon process: https://t.co/2m610vN9vi Of all the many bits of deep technical knowledge in #DFIR you never know which is the one that will prove critical in a case.

#DailyDFIR 252: @13CubedDFIR has a video overview of plaso & log2timeline great for if you've heard of the tools but have questions on how to use them: https://t.co/Da5vhDALrx The video covers using Timeline Explorer to view the output but you can also use Timesketch #DFIR

More on the topic of understanding file formats: #DailyDFIR 251: @hackerfactor writes about how he extended his "Hidden Pixels" analyzer to detect additional types of hidden data in PNGs: https://t.co/CWlgBJk5bi Fun tidbit: most of the "stego" he encounters is for #DFIR CTFs

#DailyDFIR 250: Have a long command on Linux that you're trying to make sense of? Check out explainshell! https://t.co/Nbhv1bGj5Z I think the interface is really nice and like the hover interactions. It was definitely part of my inspiration for Unfurl. #DFIR #bash #Linux https://t.co/iOh2rioB51

#DailyDFIR 250: Have a long command on Linux that you're trying to make sense of? Check out explainshell! https://t.co/Nbhv1bGj5Z I think the interface is really nice and like the hover interactions. It was definitely part of my inspiration for Unfurl. #DFIR #bash #Linux https://t.co/iOh2rioB51

#DailyDFIR 249: Understanding file formats can be key in #DFIR. This is a nice examination of the JPEG file format including #Python code: https://t.co/6VZHogAtRr #DFIR

#DailyDFIR 248: @cScottVance has a series of posts exploring the "Tile" app. The app helps users track & find objects so it makes sense that there's a ton of interesting location data in it! 1 https://t.co/N1evt8eDYf 2 https://t.co/XXp27xuhaJ 3 https://t.co/FlLdMMw29N #DFIR

#DailyDFIR 248: @cScottVance has a series of posts exploring the "Tile" app. The app helps users track & find objects so it makes sense that there's a ton of interesting location data in it! 1 https://t.co/N1evt8eDYf 2 https://t.co/XXp27xuhaJ 3 https://t.co/FlLdMMw29N #DFIR

#DailyDFIR 248: @cScottVance has a series of posts exploring the "Tile" app. The app helps users track & find objects so it makes sense that there's a ton of interesting location data in it! 1 https://t.co/N1evt8eDYf 2 https://t.co/XXp27xuhaJ 3 https://t.co/FlLdMMw29N #DFIR

#DailyDFIR 247: ICYMI I've found a way to extract embedded timestamps from #TikTok IDs (). This means we can tell when a TikTok was posted (or an account was created) just from the URL! Works even if video is deleted or private. https://t.co/uNqtmNyqY4 #DFIR #OSINT https://t.co/JJ8CjFo5DE

@GPurohit4 @HeatherMahalik Past ones have been posted at https://t.co/YnavMAzgcH I believe this one should be up there as well eventually.

#DailyDFIR 246: Unfurl can expand some short-links. A common question is how? It uses an allowlist of domains & queries them for the 301 Location header. It doesn't reach out to the target sites. #opsec 25 short-link domains supported; full list: https://t.co/dKD0zI9k3X #DFIR https://t.co/J5QOw4biHd

#DailyDFIR 246: Unfurl can expand some short-links. A common question is how? It uses an allowlist of domains & queries them for the 301 Location header. It doesn't reach out to the target sites. #opsec 25 short-link domains supported; full list: https://t.co/dKD0zI9k3X #DFIR https://t.co/J5QOw4biHd

#DailyDFIR 245: I'll be on "Life Does Not Have a CtrlAltDel" with @HeatherMahalik tomorrow demoing Unfurl and answering questions about it! When: 2020-09-02 9:30am PDT (12:30pm EDT) Register: https://t.co/9tN91Xax7x #DFIR #Python

#DailyDFIR 243: Check out all these great #DFIR events in September! Thanks @DfirDiva! https://t.co/0eDVgUflAq