DailyDFIR

#DailyDFIR 148: We've seen a big increase in virtual #DFIR events (which has been awesome!) including CTFs. If you want to build your own CTF @Russ_Taylor_ has a helpful guide documenting his experiences & advice on creating them: https://t.co/JJzl3Jm68k #CTF #Infosec
https://twitter.com/_RyanBenson/status/1265837485893931008
·hatsoffsecurity.com·
#DailyDFIR 147: If you write technical content about #DFIR this is a great resource. Going through the whole peer-review process for a traditional journal can be a bit daunting; @DFIRReview is a nice way to ease into that world. https://t.co/BorclJlLeN
https://twitter.com/_RyanBenson/status/1265433216258682880
·twitter.com·
#DailyDFIR 146: The papers from the 12th Conference on Cyber Conflict are up! 19 papers on how cyberspace & cyber conflict will evolve in the 2020s, covering technical, strategic & legal topics. https://t.co/DLcJTMLq61 Not exactly light holiday reading, but good stuff! #DFIR
https://twitter.com/_RyanBenson/status/1265044640396267520
·ccdcoe.org·
#DailyDFIR 145: "Recovering & Replaying Garmin Voice Instructions" by @Cheeky4n6Monkey is a fun bit of analysis. It has data recovery, log parsing & a script to "speak" the phonetic logs into audio files. https://t.co/gbm3HvvFOX You never know what a #DFIR case will entail!
https://twitter.com/_RyanBenson/status/1264754800190619648
·cheeky4n6monkey.blogspot.com·
#DailyDFIR 143: @errno_fail's blog has a lot of great technical deep dives into different artifacts with an emphasis on NTFS & Windows artifacts: https://t.co/jIK1J8hGJD He is constantly looking at new releases of Windows for changed or new artifacts! Very helpful. #DFIR
https://twitter.com/_RyanBenson/status/1263988673726435328
·dfir.ru·
#DailyDFIR 139: "Introduction to DFIR" by @sroberts is older (2016) but holds up well, especially a section at the end: T Shaped People. https://t.co/Fl1D7m1YyG #DFIR has many subdisciplines; we can't be equally great in all areas. That's ok. Find others that complement you. https://t.co/iNwq3tvhPv
https://twitter.com/_RyanBenson/status/1262399170494689280
·medium.com·
#DailyDFIR 138: I've said it before, but I'll say it again: check out @phillmoore's "This Week in 4n6" weekly round-up. Lots of great blog posts, presentations, and videos on #DFIR, #RE, threat hunting, and more! Every week. https://t.co/mOmTBCzY9B
https://twitter.com/_RyanBenson/status/1262226924174102530
·twitter.com·
#DailyDFIR 137: Another great post from @josh_hickman1 on detailed timeline artifacts (including from deleted apps) on @Android: https://t.co/sMLKZfixMr I love how detailed Josh's research and write-ups are; great Saturday reading material. #DFIR #Android
https://twitter.com/_RyanBenson/status/1261851654896271361
·thebinaryhick.blog·
#DailyDFIR 134: Want to try to write an Unfurl parser but need an idea? How about Zoom? I hear it's popular these days. If you want to try this, I'd be happy to help & answer any questions. I made a GitHub issue (https://t.co/A3GwmdFDMa) with some references. #DFIR #Python
https://twitter.com/_RyanBenson/status/1260759258758406144
·github.com·
#DailyDFIR 133: Congrats everyone who played the @MagnetForensics CTF! The event is over but if you want to work through the challenges at your own pace it's still live at https://t.co/74h3lcAuVd. #MVS2020CTF #DFIR
https://twitter.com/_RyanBenson/status/1260404472800374786
·mvs2020.ctfd.io·
#DailyDFIR 132: We use hashes a lot in #DFIR; this script performs SHA-256 and shows all the steps! It's a really neat visual. The GitHub page also has nice smaller animations of different functions (shift, rotate, XOR) that nicely illustrate what they do. #DFIR https://t.co/ocDz3ukSt1
https://twitter.com/_RyanBenson/status/1260039175870414848
·twitter.com·
#DailyDFIR 130: A new version of Plaso is here! Highlights: Switch to libfsntfs from TSK for accessing NTFS; Performance improvements; Support for NTFS directories with case-sensitive entries; Support Python 3.8. Blog post: https://t.co/MSU9XyUo1h #DFIR
https://twitter.com/_RyanBenson/status/1259236194379939840
·osdfir.blogspot.com·
#DailyDFIR 129: Part 3 of "Deciphering Browser Hieroglyphics" looks at #Chrome's FileSystem and the LevelDB databases behind it including examples from @MegaPrivacy & @Google Docs: https://t.co/zTXKd7XEGE #DFIR #LevelDB #Python
https://twitter.com/_RyanBenson/status/1258963624816607232
·dfir.blog·
#DailyDFIR 127: Digging into #Chrome or something Chromium-based (like Electron apps)? My "Deciphering Browser Hieroglyphics" post might help you. There is way more to Chrome than SQLite! Part 1 is "Introduction to Chromotopia": https://t.co/lL9jitTF4O #DFIR #TBT
https://twitter.com/_RyanBenson/status/1258190556213075969
·dfir.blog·
#DailyDFIR 126: This is a great looking challenge! It's nice to see variety in device and OS types becoming more common in these #DFIR challenges; helps you refresh skills you might use on a daily basis. Thanks @champdfa! Now if only I can find the time... https://t.co/M5qUeDhEtT
https://twitter.com/_RyanBenson/status/1257883778627670016
·twitter.com·
#DailyDFIR 124: Browser extensions are great but those extra features they add can also add more forensic artifacts. @Russ_Taylor_ has a nice post on recovering browsing activities from NoScript on #Firefox: https://t.co/wI2OQgtCU9 #DFIR
https://twitter.com/_RyanBenson/status/1257079303390457856
·hatsoffsecurity.com·
#DailyDFIR 122: Want to learn #DFIR? There are many virtual conferences, #CTFs & trainings in May! https://t.co/Pg1KC3Ar6y by @DfirDiva, https://t.co/uaRwtnNQkd by @MagnetForensics, https://t.co/HFaMRdskd9 by @DFIRTraining, https://t.co/fSN5Iak9bK by @aboutdfir #DFIR
https://twitter.com/_RyanBenson/status/1256383757029789696
·dfirdiva.com·
#DailyDFIR 120: Did you hear @aarontpeterson talk about Turbinia on the Forensic Lunch & want to learn more? Resources: Forensic Lunch: https://t.co/Nh4eSiLFBo Blog Post: https://t.co/pr6WRpdB1e Code lab: https://t.co/QgsV8MVhIe GitHub: https://t.co/hx5tZScLfo #DFIR
https://twitter.com/_RyanBenson/status/1255705275874586624
·youtu.be·
#DailyDFIR 119: Want a test file for a #DFIR tool but don't want to use one you've created (for privacy/other reasons)? The Plaso test_data & the dfirlabs "specimens" may have what you need: https://t.co/Pcli2LPS1v https://t.co/RJra22Mmie Many app & file system artifacts!
https://twitter.com/_RyanBenson/status/1255276499860705281
·github.com·
#DailyDFIR 117: If you are looking to learn mobile forensics, @mattiaep's "Build Your Own Methodology" post/presentation has a fantastic collection of tools, books, scripts, blogs, and references: https://t.co/jJg0jqnXpM Bookmark & revisit later too, so much good stuff #DFIR
https://twitter.com/_RyanBenson/status/1254612204722073600
·blog.digital-forensics.it·
#DailyDFIR 115: Some of @Google's #DFIR team will be on @HECFBlog's forensic lunch talking about our open source forensic tools! It's going to be packed with people, tools & knowledge: https://t.co/Wa3ifEP5RY It's 90 min from NOW (at 8am Pacific / 11am Eastern). Don't miss it!
https://twitter.com/_RyanBenson/status/1253677573202206721
·youtube.com·
#DailyDFIR 114: Playing an online CTF? I created a Python notebook & write-up showing how I answered questions in the @MagnetForensics #CTF using open source tools: Plaso, Timesketch, Colab / #Python. Blog: https://t.co/gqxATPnacm Notebook: https://t.co/nj9EMUuzd2 #DFIR
https://twitter.com/_RyanBenson/status/1253482673382633472
·dfir.blog·