Found 408 bookmarks
#DailyDFIR 218: A new version of Unfurl is here! v20200729 adds: improved Google Search URL parsing (RLZ & EI params) 7 more short-link expansions (25 total) DuckDuckGo parsing mailto parsing better Docker setup More details: https://t.co/RkB6WhM38d #DFIR #Python
http://twitter.com/_RyanBenson/status/1291042563005153282
·dfir.blog·
#DailyDFIR 214: On Windows the built-in certutil.exe is a versatile program; it can do way more than show CA cert info or hash things. @phillmoore lays out the artifacts created when certutil.exe is used to download files: https://t.co/yEuhBl2RVW #DFIR #LOLBin
http://twitter.com/_RyanBenson/status/1289713368526249987
·thinkdfir.com·
#DailyDFIR 212: See something like rlz=1T4ADBR_enUS236US239 in a #Google Search URL? It's called an RLZ tag & contains: - App used for search - Install language - Install time (to the week) & country - & more! RLZ tags explained & added to Unfurl: https://t.co/taPit7QADA #DFIR https://t.co/O6sI5mdYSu
http://twitter.com/_RyanBenson/status/1288837557468442624
·dfir.blog·
·twitter.com·
#DailyDFIR 211: Chrome v84 arrived last week! No major changes to the DBs; #DFIR tools (including https://t.co/EEFa3JuxMl) should parse it fine. I updated my "Chrome Evolution" visualization if you want to dig into what files make up your browser history: https://t.co/EFjQ4er6BZ https://t.co/p1I9DbOTBv
http://twitter.com/_RyanBenson/status/1288610812211261440
·dfir.blog·
#DailyDFIR 210: Interested in contributing to an open-source #DFIR project but don't know where to start with git? Intro to git commands: https://t.co/qoQL8lExrg Forensic Lunch with @HECFBlog & @sroberts on git/GitHub: https://t.co/UqpWv5wk2v #Python #git #github
http://twitter.com/_RyanBenson/status/1288277664793427968
·youtube.com·
·realpython.com·
#DailyDFIR 209: New plugin to read #macOS DocumentRevisions created by @nicoleibrahim for @SwiftForensics' mac_apt tool! https://t.co/A1GNpMAylb mac_apt is a #Python #DFIR tool to process #Mac disk images or live machines and parse useful artifacts. Check it out!
http://twitter.com/_RyanBenson/status/1287943555688697857
·github.com·
#DailyDFIR 208: Want to do some Sunday coding? @AlexisBrignoni has put together an awesome #Python study group with a #DFIR slant for those looking to learn to code (or just a refresher). The class is still ongoing but past sessions are on YouTube: https://t.co/Xa1KD8Gyvx
http://twitter.com/_RyanBenson/status/1287428787018186753
·youtube.com·
#DailyDFIR 206: Excellent post by @BlakDouble on Locations in iOS: https://t.co/FgqQNpaLfO It's clear a massive amount of effort went into researching, testing & writing the article. It's a fantastic reference with a lot of background foundational info. Well done! #DFIR
http://twitter.com/_RyanBenson/status/1286827450018590720
·doubleblak.com·
#DailyDFIR 205: @bizzybarney gave a great talk at the #DFIRSummit on iOS 13 artifacts and he has a follow-up post looking at Facial Recognition artifacts in the native Photos app! https://t.co/aCjN8zFGh0 #DFIR
http://twitter.com/_RyanBenson/status/1286519391769640961
·mac4n6.com·
#DailyDFIR 203: This was a great presentation! @josh_hickman1 & @AlexisBrignoni have done some really good research on these artifacts that enable building very detailed timelines of activities on mobile devices. I'm looking forward to what they do next! #DFIR #mobile4n6 https://t.co/vSiqirMyy9
http://twitter.com/_RyanBenson/status/1285572235109912578
·twitter.com·
#DailyDFIR 202: @vicomarziale from @blackbagtech has a series of blog posts on "Exploring the Windows Activity Timeline" full of technical details: 1 https://t.co/eG42vIMmMp 2 https://t.co/bkfkrsN8dy 3 https://t.co/TrXufkEMYK Lots to explore in this artifact! #DFIR
http://twitter.com/_RyanBenson/status/1285342442749743105
·blackbagtech.com·
#DailyDFIR 201: In my Unfurl talk I covered pulling server creation times (& other timestamps) from #Discord URLs. With a little bit of #OSINT you can find the name of the @discord server too! Search the ID on https://t.co/yR7IUIXbFg: https://t.co/0O9Ye0BuAk #DFIR https://t.co/deQIpxnxoc
http://twitter.com/_RyanBenson/status/1284983856764837888
·twitter.com·
#DailyDFIR 200: In my presentation on Unfurl at the #DFIRSummit I talked (a lot) about extracting things from URLs. I also covered some of my general investigative principles: 1 Use What You Have 2 Automate 3 Recognize Dead Ends 4 Details Matter 5 Context Matters #DFIR https://t.co/1dakNza2H1
http://twitter.com/_RyanBenson/status/1284546963384369153
·twitter.com·
#DailyDFIR 198: Thanks to everyone who watched my presentation on Unfurl at the #DFIRSummit today! Use Unfurl online: https://t.co/ZfRisFEVnM Get the code: https://t.co/ASz314wAeh It's been a great first day and I'm looking forward to more talks tomorrow! #DFIR @DFIRSummit https://t.co/tfX4wjctk7
http://twitter.com/_RyanBenson/status/1283923337802944513
·dfir.blog·
·twitter.com·
#DailyDFIR 197: Want to see what information may be hiding in a URL? Come see my presentation on my open source tool Unfurl tomorrow at the @SANSInstitute #DFIRSummit! Agenda: https://t.co/wLC6EYJYgM #DFIR #Python #OpenSource https://t.co/aESkBRbyJs
http://twitter.com/_RyanBenson/status/1283407757807202307
·twitter.com·
#DailyDFIR 196: Did you know you can tell when a file attachment was uploaded to #Discord from the URL? Find out how (and much more) when I present on Unfurl at the @DFIRSummit in two days! Agenda: https://t.co/wLC6EYJYgM #DFIR @SANSInstitute #Python #Infosec https://t.co/4j66bcd39a
http://twitter.com/_RyanBenson/status/1283244391126065152
·sans.org·
·twitter.com·
#DailyDFIR 195: Post from @anthomsec & @x04steve on using automated scanning to track threat actors: https://t.co/85BEGrPKmO It's a good reminder that defense doesn't have to be solely reactive. Having good intel on attacker infrastructure can speed your response considerably.
http://twitter.com/_RyanBenson/status/1282807562056822784
·fireeye.com·
#DailyDFIR 194: @bigt252002 shares a list of 10 books that will help increase your #DFIR knowledge: https://t.co/rrZM8KvGIX I've read most of these and agree that they are good to have on hand; some technical bits might get a bit dated but core ideas and principles remain.
http://twitter.com/_RyanBenson/status/1282474762187370497
·aboutdfir.com·
#DailyDFIR 192: OSDFCon is a unique conference focused on open source #DFIR software. Attendees get to pick what talks they'd like to see but today's the last day to vote on the #OSDFCon agenda: https://t.co/bT93fYP4Q8
http://twitter.com/_RyanBenson/status/1281698446370455552
·surveymonkey.com·
#DailyDFIR 191: There's more to browser history than visited URLs. @cScottVance from @MagnetForensics talks about some #Safari preferences to be aware of when investigating on #macOS. https://t.co/aWO6Y0hJjv #DFIR
http://twitter.com/_RyanBenson/status/1281439054316232704
·magnetforensics.com·
#DailyDFIR 190: https://t.co/yYRNtjkQuf is an interesting tool for #OSINT (Google search as if you were in a different place). It's also useful to test Unfurl; for example I added the "uule" param long ago but hadn't seen it used before: https://t.co/yEwy6l1txt #DFIR https://t.co/V5rgP4HXqu
http://twitter.com/_RyanBenson/status/1280934077084778496
·dfir.blog·
·twitter.com·