DailyDFIR

More on the topic of understanding file formats: #DailyDFIR 251: @hackerfactor writes about how he extended his "Hidden Pixels" analyzer to detect additional types of hidden data in PNGs: https://t.co/CWlgBJk5bi Fun tidbit: most of the "stego" he encounters is for #DFIR CTFs
http://twitter.com/_RyanBenson/status/1303095517577011200
·hackerfactor.com·
#DailyDFIR 252: @13CubedDFIR has a video overview of plaso & log2timeline, great for if you've heard of the tools but have questions on how to use them: https://t.co/Da5vhDALrx The video covers using Timeline Explorer to view the output, but you can also use Timesketch. #DFIR
http://twitter.com/_RyanBenson/status/1303549702898511872
·youtu.be·
#DailyDFIR 253: @SteveSyfuhs has a detailed step-by-step explanation of the Windows logon process: https://t.co/2m610vN9vi Of all the many bits of deep technical knowledge in #DFIR, you never know which is the one that will prove critical in a case.
http://twitter.com/_RyanBenson/status/1303883061323427840
·syfuhs.net·
#DailyDFIR 254: @MwOsint & @Sector035 describe how they went from noticing a suspicious account to unravelling a massive scam and demonstrate some great #OSINT tools & techniques along the way! https://t.co/EW6s6ZlO0P #DFIR #OSINT #maltego
http://twitter.com/_RyanBenson/status/1304255171762024449
·keyfindings.blog·
#DailyDFIR 257: You probably know that Unfurl can parse Google searches, but did you know it can also parse @bing search URLs? https://t.co/rElur0UivP There isn't as much there, but still some potentially interesting things. #DFIR https://t.co/SS9hOkvXiZ
http://twitter.com/_RyanBenson/status/1305327878020636678
·twitter.com·
·dfir.blog·
#DailyDFIR 258: The video of my talk on Unfurl (https://t.co/H5XHNrawum) at the @SANSInstitute #DFIRSummit is up! https://t.co/2r4GcoPskd I covered what Unfurl is, how it works, interesting use cases, general investigative principles & where to get it! #DFIR @DFIRSummit
http://twitter.com/_RyanBenson/status/1305640307812216832
·youtube.com·
·unfurl.link·
Ryan Benson on Twitter
http://twitter.com/_RyanBenson/status/1305657330718007296
·twitter.com·
#DailyDFIR 260: You can tell when a file attachment was uploaded to @discord just from the URL. In @AlexisBrignoni's example in his blog post, the message timestamp is slightly after the embedded file upload timestamp. https://t.co/DAqqNi485l Nice bit of confirmation! #DFIR https://t.co/OzNtyorc43
http://twitter.com/_RyanBenson/status/1306430693124108288
·dfir.blog·
·twitter.com·
Ryan Benson on Twitter
http://twitter.com/_RyanBenson/status/1306433780710744064
·twitter.com·
#DailyDFIR 261: iOS 14 is here! Here's a few "what's changed for #DFIR" posts: https://t.co/Eg0QA60lNm & https://t.co/albpK5v6oR by @cScottVance https://t.co/aebZ5Mqpf9 by @CiofecaForensic tl;dr: it's mostly the same (minor changes). More differences will appear as we dig in.
http://twitter.com/_RyanBenson/status/1306692121160638464
·ciofecaforensics.com·
·blog.d204n6.com·
#DailyDFIR 262: Check out the video of @williballenthin's talk on automatically identifying malware capabilities with their open source capa tool: https://t.co/xaVC4NxGDV Great talk from the @SANSInstitute @DFIRSummit. #DFIR #RE
http://twitter.com/_RyanBenson/status/1307165492147150848
·youtube.com·
#DailyDFIR 263: This detailed post by @CiofecaForensic shows the iterative process of detective work used to build a .proto file for an unknown protobuf: https://t.co/MiQWuMY3V6 If you are interested in learning to decipher unknown protobufs, this post is a great read. #DFIR
http://twitter.com/_RyanBenson/status/1307452374357737472
·ciofecaforensics.com·
#DailyDFIR 264: New blog started by @theAtropos4n6 has some nice posts on cloud sync apps (Dropbox, Google Drive) and the Chrome Logins database: https://t.co/llBImRkAPr Great job, excited to see what comes next! #DFIR
http://twitter.com/_RyanBenson/status/1307882782023012352
·atropos4n6.com·
RT @Cheeky4n6Monkey: Watch @_RyanBenson's SANS DFIR Summit 2020 presentation to learn more about his cool tool "unfurl" here: https://t.co/UoPbnlNZmG Bonus: Ryan also highlights some interesting "hidden" URL parameter/metadata, e.g. timestamps, GUIDs. Awesome stuff!
http://twitter.com/_RyanBenson/status/1308034716021317634
·t.co·
#DailyDFIR 265: More #iOS14 #DFIR resources: @HeatherMahalik reviews different acquisition methods & common artifacts for iOS 14: https://t.co/7ujgXtEAfS checkra1n support for iOS 14 (older devices only): https://t.co/9FiJGm1p5N #mobile4n6
http://twitter.com/_RyanBenson/status/1308255968292081664
·smarterforensics.com·
·checkra.in·
#DailyDFIR 268: If you've looked at Google search URLs, you might have noticed the "ved" parameter in the query string. Some fun facts about it: There are four versions of the "ved". Two versions contain timestamps. More: https://t.co/HqnumPxVDZ #DFIR #OSINT #TBT https://t.co/Urc3bckXwa
http://twitter.com/_RyanBenson/status/1309338218697908226
·twitter.com·