#DailyDFIR 288: A new version (20201007) of Plaso was released last week! Blog post with highlights: https://t.co/EHBVU27Hsm Full list of changes: https://t.co/knlsR7vNXp #DFIR
#DailyDFIR 289: Fun way to help yourself learn to glean a bit of meaning from encoded data. I feel like @cyb3rops looks at base64 about as much as I look at IDs and timestamps #DFIR https://t.co/gN9y9SUgPs
#DailyDFIR 290: @ShaneHuntley on what @Google's Threat Analysis Group is seeing: phishing by APT groups targeting US elections; threat actors targeting drug companies & COVID-19 researchers; tackling state-sponsored DDoS attacks. Post: https://t.co/ummLRFP5pE #DFIR
#DailyDFIR 291: Want to know what information you can extract from the @Apple HomePod and other HomeKit devices? Check out this presentation by @mattiaep from the @SANSInstitute @DFIRSummit 2020: https://t.co/0P3kgv6LB6 #DFIR #Apple #iOS
#DailyDFIR 292: The "Wellbeing" database on #Android devices tracks an incredible amount of things & can be used to create detailed timelines. Watch this video from @AlexisBrignoni & @josh_hickman1 to learn more about it: https://t.co/uIINhbgg9Q #DFIR #mobile4n6 #DFIRSummit
#DailyDFIR 293: The videos from #conINT2020 are up on YouTube! Lots of good videos on a wide range of #OSINT topics, some of which might help you in a #DFIR investigation: https://t.co/9OqK0UtlwG #DFIR @CONINT_io
#DailyDFIR 294: Kubernetes is great and all but what happens if you have a security incident and need to investigate the cluster? @jason_solomon explains how to deploy and use GRR to dig into incidents in #k8s: https://t.co/GHy4s9jKQ4 #DFIR #Kubernetes #Docker
#DailyDFIR 295: @FIRSTdotOrg has released an ethics framework for #DFIR and #infosec teams divided into 12 principles: https://t.co/MIlWHDYEQC Those of us in #DFIR positions often have incredible access power and trust; we need to act ethically and responsibly.
#DailyDFIR 297: You can get free licensed #Windows 7-10 VMs for a variety of #virtualization platforms at: https://t.co/fiCL87zBBq Great resource for #DFIR tool development and testing!
#DailyDFIR 298: Doing forensics on a mobile device and interested in where it has been? This newest feature for xLEAPP has you covered! It even lets you map it! #DFIR #mobile4n6 https://t.co/ixFBilSzGq
#DailyDFIR 299: The #CellebriteCTF just went live! Check it out for some mobile forensics challenges! https://t.co/yb7CTmcAtE Even if you are new to analyzing phones give it a try. There's no better way to learn than getting your hands dirty. #DFIR
#DailyDFIR 300: I'll be on #CacheUp tomorrow morning! Come watch live or catch the replay/podcast version later. If there are any specific questions or things you'd like to see on the episode, let me know! #DFIR https://t.co/BHsW1vqt0n
#DailyDFIR 301: Today on #CacheUp with @B1N2H3X I talked a little about how I've generated test "user data" for every version of Chrome to use for tool development. If you'd like more info on the process I use check out: https://t.co/jgm2m5ZxRr #DFIR #Chrome #dataviz #Python
#DailyDFIR 304: @ElcomSoft's blog just hit the 500 posts mark! That's quite the accomplishment. In addition to the hundreds of posts they've written they also list some free or open source tools you can add to your arsenal: https://t.co/VBwbgeN5ZD #DFIR #mobile4n6
#DailyDFIR 305: Happy Halloween! Check out "Spooky RYUKy: The Return of UNC1878" with @likethecoins, @Wanna_VanTa and @x04steve: https://t.co/Myj8KjLjON #DFIR #ThreatHunting @SANSInstitute
#DailyDFIR 306: Happy end of Daylight Savings Time! (Maybe, depending on where you are.) If all these clock shenanigans have ever driven you a bit nuts during an incident, this guy can relate: https://t.co/sebzEbtucr #DFIR
#DailyDFIR 307: If you like #Python and #DFIR come see our #OSDFCon webinar next Monday! We'll work on @DFIRmadness' "Stolen Szechuan Sauce" scenario using #OpenSource tools. https://t.co/YqOTNh3eDZ
#DailyDFIR 308: If you want a break from watching the election results come in the @DFRWS YouTube channel has begun posting talks from the DFRWS USA 2020 conference: https://t.co/9jrnQI4rGT #DFIR
#DailyDFIR 309: It can't help you understand the election, but Unfurl can help you understand URLs! A new Unfurl release (20201102) is here! It adds: a new examples page; improved parsing of Google & Bing searches; parsing of #TikTok IDs; & more! Try it: https://t.co/H5XHNrawum https://t.co/MYQy4taOAt
#DailyDFIR 310: UUIDv4 (random) is much more common than UUIDv1 (time- & MAC-based) online these days. But UUIDv1s still do appear & the embedded timestamp may be useful. Example: https://t.co/pxrrUAfUyD PS: Advertising emails are a great source of interesting URLs #DFIR https://t.co/AWzbteVcpO
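The timestamp and node fields that tweet 310 refers to can be pulled out of a UUIDv1 with the standard library alone. This is an added example, not code from the tweet or from Unfurl; the UUID values below are constructed for the demonstration (the first one encodes 2020-11-03T00:00:00Z with a unicast-looking node, the second a random node, the third is a UUIDv4 with no embedded time).

```python
import uuid
from datetime import datetime, timedelta, timezone

# Offset between the UUID epoch (1582-10-15) and the Unix epoch (1970-01-01),
# expressed in 100-nanosecond intervals (RFC 4122, section 4.1.4).
UUID_EPOCH_OFFSET_100NS = 0x01B21DD213814000

# Constructed sample values for the demo; not taken from any real artefact.
SAMPLES = [
    "84190000-1d67-11eb-9234-00163e5e6c00",  # v1, node has unicast bit clear
    "84190000-1d67-11eb-9234-f9a1b2c3d4e5",  # v1, node has multicast bit set
    "9b2a4c8e-3f5d-4a7b-8c1e-2d3f4a5b6c7d",  # v4, random, nothing to recover
]


def parse_uuid1(value: str):
    """Decode the forensically useful fields of a version-1 UUID.

    Returns None for any other version (e.g. the far more common v4), since
    those carry no timestamp. For v1 the 60-bit time field is converted to a
    UTC datetime, and the node is reported as a MAC-style string together
    with whether its multicast bit is set, which RFC 4122 requires for a
    randomly generated node (a clear bit suggests a real hardware address).
    """
    u = uuid.UUID(value)
    if u.version != 1:
        return None
    # uuid.UUID.time is the count of 100 ns intervals since 1582-10-15.
    unix_100ns = u.time - UUID_EPOCH_OFFSET_100NS
    ts = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=unix_100ns // 10
    )
    node = u.node
    mac = ":".join(f"{(node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))
    return {
        "version": u.version,
        "timestamp": ts,
        "clock_seq": u.clock_seq,
        "node": mac,
        # Least significant bit of the first octet is the multicast (I/G) bit.
        "node_is_random": bool((node >> 40) & 0x01),
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", parse_uuid1(sample))
```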
#DailyDFIR 311: CyberChef is a fantastic utility that's incredibly useful (and easy to use) for a range of #DFIR & #RE tasks. @GlassSec walks through how to go from "Cybersecurity Zero to Hero with CyberChef" in his talk from @RVAsec 2019: https://t.co/wv1Rv6AdsM
#DailyDFIR 312: @CiofecaForensic has some great write-ups of the recent @Cellebrite CTF. A fantastic thing is that their team used only free tools demonstrating that you can do top-notch analysis on a budget: https://t.co/KUnQBjFXKE #DFIR #mobile4n6 #OpenSource #CTF
#DailyDFIR 313: Myself, @el_killerdwarf & @alexanderjaeger will be presenting TOMORROW at 8am Pacific / 11am Eastern on how to use Timesketch and #Python notebooks to solve #DFIR challenges! Register: https://t.co/Ti4s5C9HOy Join us & ask questions! #OpenSource #OSDFCon
#DailyDFIR 314: iLEAPP & ALEAPP by @AlexisBrignoni (& others!) have been on a tear recently with new features: Autopsy integration (https://t.co/qERybp52Ts); map visualizations; photo.sqlite parsing update; DFRWS video posted (https://t.co/DE5sa8YkUk). Check it out! #DFIR
#DailyDFIR 315: If you missed our talk on "Exploring the Wonders of Timesketch and Jupyter" yesterday (or want to watch it again at a slower speed; we went through a lot), the recording is up! https://t.co/2ONWXOJerd We talked about using #Python to tackle a #DFIR challenge!
#DailyDFIR 316: @j_duffy01 has a write-up on @Snapchat and what data can be extracted from the #iOS app: https://t.co/BH81Ni8Udw Nice analysis walkthrough touching on SQLite, GUIDs, timestamps & protobufs! #DFIR
#DailyDFIR 317: After reading @j_duffy01's post on @Snapchat for #iOS I was interested & looked at the #Android version (in @josh_hickman1's Android 11 image). It's different but still has protobufs in SQLite DBs. Unfurl can help with those! https://t.co/JpAy4Tx8mS #DFIR https://t.co/YjqYO3yDP4