Found 408 bookmarks
#DailyDFIR 156: @Hexacorn has a long-running (124 parts & counting!) truly impressive blog series on Windows persistence mechanisms called "Beyond good ol Run key": https://t.co/i23tMv2hkd Check it out; I've learned a ton from following his research. #DFIR #Malware #Infosec
https://twitter.com/_RyanBenson/status/1268741245553135617
·hexacorn.com·
#DailyDFIR 155: Do you like jigsaw puzzles, #DFIR, and want to reconstruct RDP screenshots? Then you need to check out @brianjmoran's talk from the #MVS2020! Slides: https://t.co/fLOreJ0FHC Code: https://t.co/17L77zUKMd #DFIR
https://twitter.com/_RyanBenson/status/1268309292660060160
·slideshare.net·
#DailyDFIR 153: Do you need a way to manage threat intel? Check out yeti by @tomchop_ & @Sebdraven! https://t.co/rvCes8YHHE Yeti features: - Organize observables, IOCs, TTPs & more - Auto-enrichment - Visualize relationships in graphs - Open source #Python - Web UI & API
https://twitter.com/_RyanBenson/status/1267656426802917376
·github.com·
#DailyDFIR 152: Programming is an essential part of my #DFIR workflow. I know some in the field don't code (and that's fine); I just can't imagine myself doing this job without it. If you want to learn #Python, this new free course by @dabeaz looks good: https://t.co/XKV3Efmuk4
https://twitter.com/_RyanBenson/status/1267298834108932096
·dabeaz-course.github.io·
#DailyDFIR 151: If you work with Macs, check out mac_apt by @SwiftForensics. It parses artifacts from disk images or live machines and just got some cool new features in this update. #DFIR #Python #infosec https://t.co/GmW3oHmuGU
https://twitter.com/_RyanBenson/status/1266917723868549120
·twitter.com·
#DailyDFIR 150: Interested in doing #DFIR in multiple clouds with open source tools? Check out libcloudforensics! Features: copy disks, query cloud logs, auto-create analysis VMs. Works on #AWS & #GCP; #Azure coming soon! https://t.co/0aptakqjiA #DFIR #Python #Infosec
https://twitter.com/_RyanBenson/status/1266458431650594816
·osdfir.blogspot.com·
#DailyDFIR 148: We've seen a big increase in virtual #DFIR events (which has been awesome!) including CTFs. If you want to build your own CTF, @Russ_Taylor_ has a helpful guide documenting his experiences & advice on creating them: https://t.co/JJzl3Jm68k #CTF #Infosec
https://twitter.com/_RyanBenson/status/1265837485893931008
·hatsoffsecurity.com·
#DailyDFIR 147: If you write technical content about #DFIR, this is a great resource. Going through the whole peer-review process for a traditional journal can be a bit daunting; @DFIRReview is a nice way to ease into that world. https://t.co/BorclJlLeN
https://twitter.com/_RyanBenson/status/1265433216258682880
·twitter.com·
#DailyDFIR 146: The papers from the 12th Conference on Cyber Conflict are up! 19 papers on how cyberspace & cyber conflict will evolve in the 2020s, covering technical, strategic & legal topics. https://t.co/DLcJTMLq61 Not exactly light holiday reading, but good stuff! #DFIR
https://twitter.com/_RyanBenson/status/1265044640396267520
·ccdcoe.org·
#DailyDFIR 145: "Recovering & Replaying Garmin Voice Instructions" by @Cheeky4n6Monkey is a fun bit of analysis. It has data recovery, log parsing & a script to "speak" the phonetic logs into audio files. https://t.co/gbm3HvvFOX You never know what a #DFIR case will entail!
https://twitter.com/_RyanBenson/status/1264754800190619648
·cheeky4n6monkey.blogspot.com·
#DailyDFIR 143: @errno_fail's blog has a lot of great technical deep dives into different artifacts with an emphasis on NTFS & Windows artifacts: https://t.co/jIK1J8hGJD He is constantly looking at new releases of Windows for changed or new artifacts! Very helpful. #DFIR
https://twitter.com/_RyanBenson/status/1263988673726435328
·dfir.ru·
#DailyDFIR 139: "Introduction to DFIR" by @sroberts is older (2016) but holds up well, especially a section at the end: T-Shaped People. https://t.co/Fl1D7m1YyG #DFIR has many subdisciplines; we can't be equally great in all areas. That's ok. Find others that complement you. https://t.co/iNwq3tvhPv
https://twitter.com/_RyanBenson/status/1262399170494689280
·medium.com·
#DailyDFIR 138: I've said it before but I'll say it again: check out @phillmoore's "This Week in 4n6" weekly round-up. Lots of great blog posts, presentations and videos on #DFIR, #RE, threat hunting and more! Every week. https://t.co/mOmTBCzY9B
https://twitter.com/_RyanBenson/status/1262226924174102530
·twitter.com·
#DailyDFIR 137: Another great post from @josh_hickman1 on detailed timeline artifacts (including from deleted apps) on @Android: https://t.co/sMLKZfixMr I love how detailed Josh's research and write-ups are; great Saturday reading material. #DFIR #Android
https://twitter.com/_RyanBenson/status/1261851654896271361
·thebinaryhick.blog·
#DailyDFIR 134: Want to try to write an Unfurl parser but need an idea? How about Zoom? I hear it's popular these days. If you want to try this, I'd be happy to help & answer any questions. I made a GitHub issue (https://t.co/A3GwmdFDMa) with some references. #DFIR #Python
https://twitter.com/_RyanBenson/status/1260759258758406144
·github.com·
#DailyDFIR 133: Congrats everyone who played the @MagnetForensics CTF! The event is over but if you want to work through the challenges at your own pace it's still live at https://t.co/74h3lcAuVd. #MVS2020CTF #DFIR
https://twitter.com/_RyanBenson/status/1260404472800374786
·mvs2020.ctfd.io·
#DailyDFIR 132: We use hashes a lot in #DFIR; this script performs SHA-256 and shows all the steps! It's a really neat visual. The GitHub page also has nice smaller animations of different functions (shift, rotate, XOR) that nicely illustrate what they do. #DFIR https://t.co/ocDz3ukSt1
https://twitter.com/_RyanBenson/status/1260039175870414848
·twitter.com·
#DailyDFIR 130: A new version of Plaso is here! Highlights: switch to libfsntfs from TSK for accessing NTFS; performance improvements; support for NTFS directories with case-sensitive entries; support for Python 3.8. Blog post: https://t.co/MSU9XyUo1h #DFIR
https://twitter.com/_RyanBenson/status/1259236194379939840
·osdfir.blogspot.com·
#DailyDFIR 129: Part 3 of "Deciphering Browser Hieroglyphics" looks at #Chrome's FileSystem and the LevelDB databases behind it, including examples from @MegaPrivacy & @Google Docs: https://t.co/zTXKd7XEGE #DFIR #LevelDB #Python
https://twitter.com/_RyanBenson/status/1258963624816607232
·dfir.blog·
#DailyDFIR 127: Digging into #Chrome or something Chromium-based (like Electron apps)? My "Deciphering Browser Hieroglyphics" post might help you. There is way more to Chrome than SQLite! Part 1 is "Introduction to Chromotopia": https://t.co/lL9jitTF4O #DFIR #TBT
https://twitter.com/_RyanBenson/status/1258190556213075969
·dfir.blog·
#DailyDFIR 126: This is a great looking challenge! It's nice to see variety in device and OS types becoming more common in these #DFIR challenges; helps you refresh skills you might use on a daily basis. Thanks @champdfa! Now if only I can find the time... https://t.co/M5qUeDhEtT
https://twitter.com/_RyanBenson/status/1257883778627670016
·twitter.com·
#DailyDFIR 124: Browser extensions are great, but those extra features they add can also add more forensic artifacts. @Russ_Taylor_ has a nice post on recovering browsing activities from NoScript on #Firefox: https://t.co/wI2OQgtCU9 #DFIR
https://twitter.com/_RyanBenson/status/1257079303390457856
·hatsoffsecurity.com·
#DailyDFIR 122: Want to learn #DFIR? There are many virtual conferences, #CTFs & trainings in May! https://t.co/Pg1KC3Ar6y by @DfirDiva; https://t.co/uaRwtnNQkd by @MagnetForensics; https://t.co/HFaMRdskd9 by @DFIRTraining; https://t.co/fSN5Iak9bK by @aboutdfir #DFIR
https://twitter.com/_RyanBenson/status/1256383757029789696
·dfirdiva.com·