- Tools & Artifacts – Windows – new entries added – ShimCache, YARA Rules, AnyDesk, Registry, WinZip, Swapfile URLs, viber.db
- Tools & Artifacts – MacOS – new entry added – Unified Logs
- Tools & Artifacts – iOS – new entry added – Apple Health
- Jobs – old entries cleaned up, new entries added – KPMG, Deloitte, Cisco, Microsoft, Charles River Associates, Coalfire, Amazon, EY, and Raytheon Technologies
- Forensicators of DFIR – new entry added – TheSecurityNoob
AboutDFIR stickers are still a thing! If you’re interested in one, please let us know! Here’s what they look like:
Devon will be speaking at the HTCIA Conference at the end of the month. If you choose to attend, definitely stop in and give his talk, “Trickle Down Effect”, a listen! He’ll be walking the audience through threat actor tactics and the trickle down effect of APT and skilled groups down to the Organized Crime groups and the mass scale executions.
Never forget. 9.11.01.