DailyDFIR

408 bookmarks
#DailyDFIR 344: Here are two posts on the @MagnetForensics memory forensics #CTF: https://t.co/3mqSbFOfwK by @KevinPagano3 https://t.co/rufVkAauGr by @dwmetz It's nice to see how others do #DFIR; you'll often learn new things! I didn't know about MemProcFS but it looks neat.
http://twitter.com/_RyanBenson/status/1336883530240946178
·stark4n6.com·
·bakerstreetforensics.com·
#DailyDFIR 345: The 2020 @SANSInstitute #HolidayHack Challenge is here! Challenge: https://t.co/Gy1amgLWHm Welcome & Tips video: https://t.co/KcViKto8rA This is a fun annual holiday-themed #DFIR #CTF (with lots of hidden surprises!)
http://twitter.com/_RyanBenson/status/1337089491622772737
·holidayhackchallenge.com·
·youtube.com·
#DailyDFIR 346: I've added JSON file expansion to the "Chrome Evolution" visualization: https://t.co/EFjQ4er6BZ JSON files (Bookmarks, Preferences, etc.) hold valuable info. Like SQLite DBs, their structure changes over #Chrome versions; now you can expand & explore it! #DFIR https://t.co/kOAMd6VBtC
http://twitter.com/_RyanBenson/status/1337546872194416641
·twitter.com·
#DailyDFIR 347: This day a year ago I released Unfurl. A lot has happened in the world in that year (bit of an understatement I know). I'm thankful for the kind words and contributions (both code & ideas) to Unfurl from the #DFIR community. More to come this next year! https://t.co/JWtKZVLQpN
http://twitter.com/_RyanBenson/status/1337907600730427393
·twitter.com·
#DailyDFIR 348: There are a bunch of #DFIR #CTFs out there now (which is great!) @MetaspikeHQ has one that's a bit different - it's focused on email forensics: https://t.co/TvUlaEhe6b I don't do this kind of analysis often so it's nice to practice these skills.
http://twitter.com/_RyanBenson/status/1338261220579655681
·ctf.metaspike.com·
#DailyDFIR 349: Many open source #DFIR projects use #Git - which can be a bit confusing especially when starting out. This interactive site visualizes what git commands do: https://t.co/UdM8mJNfNI It's neat how the tree graphic updates as you type commands! #Python #github
http://twitter.com/_RyanBenson/status/1338506029399748610
·onlywei.github.io·
#DailyDFIR 350: @SecHubb launched a new mini-series called "12 Days of Defense" covering some of the common tasks those beginning in #DFIR or SOC work are likely to encounter: https://t.co/lkzWfRjVmg There are 5 videos out now with more coming each day! Check it out!
http://twitter.com/_RyanBenson/status/1339057833673850880
·youtube.com·
#DailyDFIR 351: The "ved" parameter in a Google search URL gives insight about the link that was clicked on. A new type (starting with 2) was spotted in early 2020 but the older types are still prevalent. Info on ved types & parsing: https://t.co/HqnumPxVDZ #DFIR #OSINT https://t.co/JGAQIPpxWj
http://twitter.com/_RyanBenson/status/1339408824994680836
·twitter.com·
#DailyDFIR 352: @kviddy has two posts on LevelDB & Chrome's IndexedDB... & a parser in #Python! https://t.co/VewlTlh29F https://t.co/QW6Zdkkrt0 https://t.co/iQ4EXJJCyJ LevelDB is in many places in Chrome (& beyond); this code makes parsing it much easier. Thanks Alex!
http://twitter.com/_RyanBenson/status/1339802569040785409
·cclsolutionsgroup.com·
·github.com·
#DailyDFIR 353: Want to see what a user did in #Chrome? Hindsight is an open source tool for analyzing a wide range of Chrome artifacts: https://t.co/B7fJ9TxeZh For those who've used it before there's more good stuff coming soon - a few cool new features in the works! #DFIR https://t.co/SsLsNK2c5T
http://twitter.com/_RyanBenson/status/1340140411726098433
·github.com·
·twitter.com·
#DailyDFIR 354: @mattiaep starts a series on #IoT forensics starting with digging into a Smart refrigerator from the @vto_labs dataset: Blog: https://t.co/yrgVhPfCFI IoT dataset: https://t.co/UbQ1VRKZ9S It's always interesting seeing what's extracted from these devices! #DFIR
http://twitter.com/_RyanBenson/status/1340502363124088833
·blog.digital-forensics.it·
·vtolabs.com·
#DailyDFIR 355: Another round of write-ups for the @MagnetForensics #DFIR #CTF (Week 10): https://t.co/iyqRit4kKB https://t.co/MNih6hKTDg https://t.co/SjdFV5OIET This one focused on memory forensics & Chrome (yay). It was cool to see different approaches. Nice work!
http://twitter.com/_RyanBenson/status/1340876305315708929
·stark4n6.com·
·bakerstreetforensics.com·
·ciofecaforensics.com·
#DailyDFIR 356: A further look at #Chrome's new Media History database in two posts by Kyle Song: https://t.co/gWayOfVQa5 https://t.co/AC4T009c1S In particular I like the experiments to see what gets recorded in the DB. #DFIR (posts are in Korean - Google Translate FTW!)
http://twitter.com/_RyanBenson/status/1341227733485932545
·kyl3song.github.io·
#DailyDFIR 357: @KevinPagano3 digs into the #Google Docs #Android app with a look at what's in the DBs, links to SQL queries, & ALEAPP parser! https://t.co/F92cBt2Xg7 You can also find references to "cello" in Chrome artifacts; it's good to remember it's Docs-related. #DFIR
http://twitter.com/_RyanBenson/status/1341599853105668096
·stark4n6.com·
#DailyDFIR 358: Check out @B1N2H3X talking with @davisrichardg on #CacheUp! Interview: https://t.co/MHpbaUbLle Richard's videos are really well done & packed full of good info; they're a fantastic resource. Here's the @13CubedDFIR channel: https://t.co/duqS8f35Fn #DFIR
http://twitter.com/_RyanBenson/status/1341917175783645184
·youtube.com·
#DailyDFIR 361: Want to learn about static malware analysis? @jstrosch has put together an exercise (with solutions) around analyzing a malicious document: https://t.co/VoUpZFEaZ4 These kinds of challenges are great for those interested in #DFIR & like to learn by doing.
http://twitter.com/_RyanBenson/status/1342992959566856193
·github.com·
#DailyDFIR 362: More email forensics: @phillmoore has a write-up on the week 2 @MetaspikeHQ CTF: https://t.co/Sg20XyUPOR Besides walking through the questions Phill has some excellent links in the article for further reading on some of the nuances of analyzing email. #DFIR
http://twitter.com/_RyanBenson/status/1343421403492544517
·thinkdfir.com·
#DailyDFIR 363: @SANSInstitute is having a free "Cyber Camp" for teens starting TOMORROW: https://t.co/AHsh9e69N9 It looks like a neat event with lots of hands-on learning opportunities (& even a #CTF). I think this info is useful for all not just those getting into #DFIR.
http://twitter.com/_RyanBenson/status/1343696918531039233
·sans.org·
#DailyDFIR 364: A new Plaso release (20201228) is here! Updates: libfshfs added as option to improve HFS/HFSX parsing; filestat parser supports more timestamp types; libfsxfs added to provide XFS support; and more! Post with more details: https://t.co/1Q51v6jv7v #DFIR
http://twitter.com/_RyanBenson/status/1344076238827098112
·osdfir.blogspot.com·