AboutDFIR Site Content Update – 04/26/2024

Challenges & CTFs - old entries cleaned up, new entries added: CTFs: BelkaCTF #6: Bogus Bill CTF Walkthroughs: Belkasoft CTF 6: Write-up Jobs - old entries cleaned up, new entries added: CyberClan IronGate Cybersecurity Mandiant (now part of Google Cloud) modePUSH NCC Group RSM SentinelOne Tools & Artifacts - Android - new entries added: Tools: ALEAPP Artifacts: Android - Digital Wellbeing - Investigating Android Digital Wellbeing Samsung Bluetooth Call Routes - Road Trippin’ – Exploring…
Read More

AboutDFIR Site Content Update – 04/12/2024

Challenges & CTFs - new entries added: Challenges: The DFIR Report - DFIR Labs XINTRA - Advanced APT Emulation Labs Jobs - old entries cleaned up, new entries added: AT&T Mandiant (now part of Google Cloud) Microsoft modePUSH Palo Alto Networks Unit 42 ZeroFox Tools & Artifacts - AWS - new entry added: Artifacts: AWS Amplify Logs - Do NOT forget the AWS Amplify Logs Tools & Artifacts - iOS - new entries added: Tools:…
Read More

AboutDFIR Site Content Update – 03/29/2024

Challenges & CTFs - new entries added - CTF - Magnet Virtual Summit 2024 Capture The Flag, CTF Walkthrough - Magnet Virtual Summit 2024 Capture The Flag - Cipher, iOS (Doug Metz), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher (DFIR101), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher, iOS (Forensafe, Kairos (Hestia) Tay, Kevin Pagano, Madi Brumbelow at The Hive) Jobs - old entries cleaned up, new entries added -…
Read More

AboutDFIR Site Content Update – 03/22/2024

Jobs - old entries cleaned up, new entries added - Arete, CrowdStrike, Kivu Consulting, Kroll, Mandiant (now part of Google Cloud), Palo Alto Networks Unit 42, Salesforce, Surefire Cyber, Trustwave Tools & Artifacts - Android - new entry added - WhatsApp - Android WhatsApp Forensics. Part II: Analysis Tools & Artifacts - File Systems - new entry added - NTFS - NTFS Artifacts Tools & Artifacts - iOS - new entries added - Apple Accounts…
Read More

AboutDFIR Site Content Update – 03/15/2024

Jobs - old entries cleaned up, new entries added - Aperture, JPMorgan Chase & Co., Kraft Heinz, Mandiant (now part of Google Cloud), modePUSH, RSM, TrustedSec Tools & Artifacts - Windows - new entries added - AmCache - Evidence of Program Existence - Amcache, Event Tracing (ETW) - ETL File analysis in live, Triage Analysis - Chaos to Clarity: Why Triage is Not Optional, Tools - Invoke-LiveResponse SANS has released an overview for the new…
Read More

AboutDFIR Site Content Update – 03/08/2024

Jobs - old entries cleaned up, new entries added - CrowdStrike, JPMorgan Chase & Co., Keith Borer Consultants, Mitiga, NCC Group, Palo Alto Networks Unit 42, Zurich Tools & Artifacts - Android - new entries added - Android Acquisition - Mobile Forensic Images and Acquisition Priorities, WhatsApp - Android WhatsApp Forensics. Part I: Acquisition Tools & Artifacts - Google Workspace - new entry added - Google Chrome - Google Chrome Platform Notification Analysis Tools &…
Read More

AboutDFIR Site Content Update – 03/01/2024

Jobs - old entries cleaned up, new entries added - JetBlue, Kaseya, Palo Alto Networks Unit 42, Rapid7, Secureworks, Soteria, Sygnia Tools & Artifacts - Android - new entry added - WhatsApp - Investigating Android WhatsApp Tools & Artifacts - AWS - new entry added - AWS Incident Response - AWS Ransomware Tools & Artifacts - Microsoft 365 - new entry added - MailItemsAccessed - MailItemsAccessed Woes: M365 Investigation Challenges Tools & Artifacts - iOS…
Read More

AboutDFIR Site Content Update – 02/23/2024

Jobs - old entries cleaned up, new entries added - Arete, Contact Discovery Services LLC, Huntress, Mandiant (now part of Google Cloud), Palo Alto Networks Unit 42, Surefire Cyber, Thames Valley Police, UCLA Health Tools & Artifacts - AWS - new entry added - AWS Incident Response - How to be IR Prepared in AWS Tools & Artifacts - Google Cloud - new entry added - Google Cloud Incident Response - Google Cloud Incident Response…
Read More

AboutDFIR Site Content Update – 02/16/2024

Jobs - old entries cleaned up, new entries added - Deloitte, IBM, NYU Langone Health, Warner Bros. Discovery Tools & Artifacts - Android - new entry added - Android - SMS - Investigating Android SMS Tools & Artifacts - iOS - new entry added - iOS Acquisition - Bootloader-Level Extraction for Apple Hardware Tools & Artifacts - Microsoft 365 - new entry added - Unified Audit Log (UAL) - What DFIR experts need to know…
Read More

AboutDFIR Site Content Update – 02/09/2024

Jobs - old entries cleaned up, new entries added - Adobe, Alight, Boston Consulting Group (BCG) Tools & Artifacts - Android - new entry added -  Android Acquisition - How to Acquire Digital Evidence with Android Screen Capturer in Belkasoft X Tools & Artifacts - iOS - new entries added - iOS Forensic Toolkit - iOS Forensic Toolkit: Mounting HFS Images in Windows, Snapchat - Investigating iOS Snapchat Tools & Artifacts - Linux - new…
Read More

AboutDFIR Site Content Update – 02/02/2024

Jobs - old entries cleaned up, new entries added - Kroll, Mandiant (now part of Google Cloud), OpenAI, Palo Alto Networks Unit 42 Tools & Artifacts - Google Workspace - new entry added - Google Drive File Stream (DriveFS) - Hunting for File Deletion Artifacts in Google File Stream Data Tools & Artifacts - iOS - new entry added -  iOS Voice Triggers - Investigating iOS Voice Triggers Tools & Artifacts - Windows - new…
Read More

AboutDFIR Site Content Update – 01/26/2024

Jobs - old entries cleaned up, new entries added - Accenture, Arete, Center For Internet Security (CIS), IBM, Red Canary, Surefire Cyber Tools & Artifacts - Android - new entries added - Android Acquisition - The Investigator’s Guide to Android Acquisition Methods. Part I: Device, Life360 - Analyzing Life360 on Android Tools & Artifacts - File Systems - new entries added - Tools - Indx2Csv, Tools - INDXRipper Tools & Artifacts - iOS - new…
Read More

AboutDFIR Site Content Update – 01/19/2024

Jobs - old entries cleaned up, new entries added - Arete, CyberClan, Kivu Consulting, modePUSH, Paramount Tools & Artifacts - DVR/Multimedia - new entry added - Video Analysis - Video Forensic Analysis of Samsung DVRs – Insights from 2024 Tools & Artifacts - iOS - new entries added - iOS Acquisition - When Extraction Meets Analysis: Cellebrite Physical Analyzer, iOS Calls - Investigating iOS Calls Tools & Artifacts - Windows - new entry added -…
Read More

AboutDFIR Site Content Update – 01/12/2024

Jobs - old entries cleaned up, new entries added - Atlassian, Cadence, Calix, CrowdStrike, SAIC Tools & Artifacts - AWS - new entries added - AWS Cloud Forensics - The Importance of Depth: Cloud Forensics Beyond Log Analysis, EC2 (Elastic Compute Cloud) - The Cado Platform can now Capture AWS EC2 Systems into E01 Format Tools & Artifacts - DVR/Multimedia - new entry added - ExifTool - ExifTool Basics for DFIR Tools & Artifacts -…
Read More

AboutDFIR Site Content Update – 01/05/2024

Jobs - old entries cleaned up, new entries added - ADP, Comcast, OpenText, Palo Alto Networks Unit 42, Paylocity, Prudential, State of Minnesota, United Airlines Tools & Artifacts - Android - new entries added - Android Unlocking - Android: Unlock and Rooting, Application Execution - Has the user ever used the XYZ application? aka traces of application execution on mobile devices, Instagram - Investigating Android Instagram Tools & Artifacts - iOS - new entries added -…
Read More

AboutDFIR Site Content Update – 12/29/2023

Jobs - old entries cleaned up, new entries added - ADP, Clear, NCC Group, Palo Alto Networks Unit 42, Pouvoir Judiciaire - Etat de Genève, Warner Bros. Discovery Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct the Aspect Ratio of CCTV Footage Tools & Artifacts - Google Workspace - new entries added - Tools - DriveFS Sleuth, Google Drive File Stream (DriveFS) - DriveFS Sleuth — Your Ultimate Google…
Read More

AboutDFIR Site Content Update – 12/22/2023

Jobs - old entries cleaned up, new entries added - Arete, At-Bay, Kivu Consulting, Kroll, Notion, Palo Alto Networks Unit 42, Salesforce, Surefire Cyber Tools & Artifacts - Android - new entry added - Snapchat - Investigating Android Snapchat App Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Measure Speed from Surveillance Video Tools & Artifacts - Linux - new entries added - Linux Forensics - Using the Unix-like Artifacts…
Read More

AboutDFIR Site Content Update – 12/15/2023

Jobs - old entries cleaned up, new entries added - AWS, Booz Allen Hamilton, CDW, Cyderes, Palo Alto Networks Unit 42, State Street, Verizon Challenges & CTFs - new entry added - CTF Walkthrough - Cellebrite CTF 2023 - Sharon (Forensafe) Tools & Artifacts - AWS - new entry added - CloudTrail - AWS CloudTrail Forensics - HTB Nubilum-1 Tools & Artifacts - iOS - new entry added - iTunes Backups - The Pitfalls of…
Read More

AboutDFIR Site Content Update – 12/08/2023

Jobs - old entries cleaned up, new entries added - Accenture, Booz Allen Hamilton, CDW, Cloudflare, Moderna, NCC Group Tools & Artifacts - Android - new entry added - Viber - Investigating Android Viber Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Increase Exposure of Dark Footage Tools & Artifacts - Google Workspace - new entry added - Gmail - Dots do matter: Why dots in Gmail addresses impact Google…
Read More

AboutDFIR Site Content Update – 12/01/2023

Jobs - old entries cleaned up, new entries added - Magnet Forensics, NCC Group, Palo Alto Networks Unit 42, SentinelOne Tools & Artifacts - Android - new entries added - Android - Gmail - Investigating Android Gmail, WhatsApp - Forensic Duel: Exploring Deleted WhatsApp Messages—iOS vs Android Tools & Artifacts - AWS - new entry added - Tools - Cado's Import UI Tools & Artifacts - Azure - new entry added - Tools - Cado's…
Read More

AboutDFIR Site Content Update – 11/24/2023

Certifications & Training - new entry added - SANS - GX-PT Jobs - old entries cleaned up, new entries added - Cellebrite, CrowdStrike, Department of Homeland Security (DHS), FTI Consulting, IBM, JP Morgan Chase & Co., LinkedIn, Mandiant (now part of Google Cloud), Red Canary, USAA Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct Optical Distortion Tools & Artifacts - Android - new entry added - Android - IMO…
Read More

AboutDFIR Site Content Update – 11/17/2023

Challenges & CTFs - new entries added - CTF Walkthrough - Cellebrite CTF 2023 - Abe (Forensafe), LetsDefend - Ransomware Attack (N00b_H@ck3r) Jobs - old entries cleaned up, new entries added - Ankura, Arete, Cadence, Lockheed Martin, Peraton, Tesla, TransPerfect Legal Tools & Artifacts - AWS - new entry added - Tools - cloudgrep Tools & Artifacts - Azure - new entry added - Tools - cloudgrep Tools & Artifacts - Google Cloud - new…
Read More

AboutDFIR Site Content Update – 11/10/2023

Challenges & CTFs - new entry added - CTF Walkthrough - Huntress Capture The Flag - A CTF Marathon (Doug Metz) Jobs - old entries cleaned up, new entries added - Palo Alto Networks Unit 42, Paramount, Rapid7, SentinelOne Tools & Artifacts - Android - new entries added - Android Acquisition - Data Extraction Cheatsheet, Android - Playstore - Investigating Android Playstore Search History Tools & Artifacts - AWS - new entry added - AWS…
Read More

AboutDFIR Site Content Update – 11/03/2023

Challenges & CTFs - new entries added - CTF - Dragos Capture The Flag 2023, Huntress Capture The Flag 2023, Cellebrite CTF 2023, CTF Walkthrough - Cellebrite CTF 2023 - Abe (Kevin Pagano), Cellebrite CTF 2023 - Felix (Kevin Pagano), Cellebrite CTF 2023 - Felix (Forensafe), Challenge #1 - Web Server Case (Joseph Moronwi) Jobs - old entries cleaned up, new entries added - Forensic Discovery LLC, Illinois State Police, Palo Alto Networks Unit 42,…
Read More

AboutDFIR Site Content Update – 10/27/2023

Home - new page created - AWS Home - new page created - Google Cloud Home - new page created - Google Workspace Home - new page created - Microsoft Azure Home - new page created - Microsoft 365 Jobs - old entries cleaned up, new entries added - Arete, Eli Lilly and Company, Fortinet, modePUSH, State Street, Sygnia, Uber Tools & Artifacts - Android - new entries added - Google Maps - Finding Phones…
Read More

AboutDFIR Site Content Update – 10/20/2023

Tools & Artifacts - Windows - new entries added - Prefetch - Artifacts of Execution: Prefetch - Part One, JLECmd - [DFIR TOOLS] JLECmd, what is it & how to use! Tools & Artifacts - Linux - new entry added - Linux Forensics - Investigating a Compromised Web Server Tools & Artifacts - DVR/Multimedia - new entries added - Image Analysis - Enhance a Backlit Scene, How To Reveal AI-generated Images by Checking Shadows and…
Read More

AboutDFIR Site Content Update – 10/13/2023

Tools & Artifacts - Windows - new entries added - Intrusion Analysis - Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence, TeraCopy - Introducing TeraLogger, Timeline Analysis - Timeline Creation for Forensic Analysis Tools & Artifacts - macOS - new entry added - macOS - Sonoma - Sonoma’s log gets briefer and more secretive Tools & Artifacts - Linux - new entry added - Linux Forensics - Linux Forensics In Depth Tools &…
Read More

AboutDFIR Site Content Update – 10/06/2023

Tools & Artifacts - Windows - new entries added - ScreenConnect - From ScreenConnect to Hive Ransomware in 61 hours, UserAssist - Decoding Windows Registry Artifacts with Belkasoft X: UserAssist, USB Devices - Automated USB artefact parsing from the Registry Tools & Artifacts - iOS - new entry added - iOS15 - iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information Tools & Artifacts - Android - new entry…
Read More

AboutDFIR Site Content Update – 09/29/2023

Tools & Artifacts - Windows - new entry added - OneDriveExplorer - OneDriveExplorer ODL Parsing Issues Tools & Artifacts - iOS - new entries added - iOS Acquisition - iCloud Advanced Data Protection: Implications for Forensic Extraction Tools & Artifacts - Android - new entry added - Last SIM - Investigating Android Last SIM Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Super Resolution from Different Perspectives Jobs - old…
Read More

AboutDFIR Site Content Update – 09/22/2023

Tools & Artifacts - Windows - new entry added - EventTransciptParser Tools & Artifacts - iOS - new entries added - iOS 17 - iOS 17 Forensics: Another Year, Another Byte of the Apple, iOS - iOS System Artifacts: Revealing Hidden Clues, iOS Acquisition - iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent Tools & Artifacts - Android - new entry added - Android - Accounts - Investigating Android Accounts Tools & Artifacts - DVR/Multimedia -…
Read More

GX-FA Exam: My Experience

Introduction I recently attended the 2023 SANS DFIR Summit in Austin, TX when I saw an advertisement for the brand new GIAC Experienced Forensic Analyst (GX-FA) certification. SANS offered a discount for attendees that were interested in taking this exam and so I decided why not? The last GIAC exam I had taken was the GIAC Certified Forensic Analyst (GCFA) exam in December 2022 and so I found it to be very appropriate to follow…
Read More

AboutDFIR Site Content Update – 09/15/2023

Tools & Artifacts - Windows - new entries added - Level.io - RMM - Level.io: Forensic Artifacts and Evidence, OneDriveExplorer - What's New in OneDriveExplorer, Microsoft Edge - Microsoft Edge Forensics: Screenshot History  Tools & Artifacts - iOS - new entry added - WhatsApp - iOS WhatsApp Forensics with Belkasoft X Tools & Artifacts - Android - new entry added - Android - Contacts - Investigating Android Contacts Tools & Artifacts - DVR/Multimedia - new…
Read More

AboutDFIR Site Content Update – 09/08/2023

Tools & Artifacts - Windows - new entry added - Microsoft Remote Access VPN - Forensic Aspects of Microsoft Remote Access VPN Tools & Artifacts - Linux - new entry added - Walk-through of Dr. Ali Hadi's Web Server Case CTF Tools & Artifacts - iOS - new entry added - Telegram - Investigating iOS Telegram Tools & Artifacts - DVR/Multimedia - new entry added - Deblur a Moving Car Jobs - old entries cleaned…
Read More

Day 5 – Excerpt from Chapter 5 – “Intrusion Lifecycles”

Day 5 – Excerpt from my newly released book, “Diving In – An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn” which you can purchase your copy here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Nearly all intrusions involve some type of scouting stage, although attackers may not have specific targets in mind when they start. This is the stage where the attacker may collect information about a victim through the review or…
Read More

Day 4 – Excerpt from Chapter 4 – User Causality in the context of DFIR

Day 4 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which you can get your copy here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "User causality in the context of Digital Forensics science refers to the relationship between a user's actions (cause) and the resulting impact on a digital system (effect) which fundamentally underpins Locard’s Exchange Principle. Understanding this cause-and-effect relationship is…
Read More
Day 3 – Locard’s Exchange Principle and #DFIR

Day 3 – Locard’s Exchange Principle and #DFIR

Day 3 - Excerpt from my newly released book, "Diving In - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which you can get your copy here -> https://www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Locard's Exchange Principle is a fundamental concept in traditional forensic science, which posits that 'every contact leaves a trace.' In other words, any interaction between an individual and their environment will result in the transfer of physical evidence…
Read More
Day 2 – Excerpt from “Diving In” Book by Devon Ackerman

Day 2 – Excerpt from “Diving In” Book by Devon Ackerman

Day 2 - Excerpt from the second chapter of my brand new #book, "#DivingIn - An Incident Responder’s Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn" which can be viewed and purchased here! "#Forensic examiners must be able to defensibly recover/extract relevant #evidence, preserve it, and present findings in a manner that it can be legally used in the identification and #attribution of #cybercrime. This includes being able to articulate…
Read More
Diving In – An Incident Responder’s Journey – An Excerpt

Diving In – An Incident Responder’s Journey – An Excerpt

Excerpt from the opening chapter of my new #book, Diving In - An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn, can be purchased here. "Digital Forensics and Incident Response (#DFIR) are two essential areas of investigative and reactive cybersecurity that aim to protect individuals, governments, and organizations of all sizes and complexity from ever-present, ever-evolving cyber threats. Legal counsel and cyber insurance carriers are often called upon…
Read More

AboutDFIR Site Content Update – 07/15/2023

Tools & Artifacts - Windows - new entries added - qBittorrent, Recycle Bin, and Steam Tools & Artifacts - Android - new entry added - Yandex Mail Tools & Artifacts - File Systems - new entry added - $MFT Annual Industry Reports - proofpoint, Verizon, & Orange Cyberdefense Forensicators of DFIR - Fabian Mendoza Jobs - old entries cleaned up, new entries added - Optiv, UST, BetterUp, Stripe, TJX Companies, Rapid7, T Rowe Price, Blackbaud,…
Read More

AboutDFIR Site Content Update – 06/03/2023

Tools & Artifacts - Windows - new entries added - Jumplist - Windows 10, RDP, Event Logs - Hidden Insights, VMware Workstation Memory Analysis, WMI Events, and another Windows Management Instrumentation (WMI) Tools & Artifacts - MacOS - new entry added - Tool List, mac_apt, APOLLO, and fseventd parser Tools & Artifacts - iOS - new entries added - iOS 15 Image (also added to Tool Testing) and Location & Device Data  Tools & Artifacts -…
Read More

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard Training & Certifications - Cyber5W Courses & CCDFA Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…
Read More

AboutDFIR Site Content Update 05/06/2023

Tools & Artifacts - Windows - new entries added - Adobe Acrobat Reader (link updated), Windows 11 GUID Partition Scheme (GPT), Windows Search Index, & Windows Artifacts General Reference Tools & Artifacts - iOS - new entry added - iPhone PINs & iOS Artifact Reference  Jobs - old entries cleaned up, new entries added - Flashpoint, Cellebrite, Raytheon, Nozomi Networks, Radware, Marriott, & Stripe Don't forget to submit any missing forensicators to our Forensicators of…
Read More

AboutDFIR Site Content Update 04/22/2023

Tools & Artifacts - Windows - new entries added - Memories & pCloud Tools & Artifacts - Android - new entry added - WiFi Annual Industry Reports - new entries added - PwC, Sophos Labs, & Unit 42 Jobs - old entries cleaned up, new entries added - SecureWorks, Varonis, Prudential Financial, Amazon, Kimberly Clark, Voya, Pacific Northwest National Lab, & Microsoft Forensicators of DFIR - cleaned up some dead links and added Derek Eiri…
Read More

AboutDFIR Site Content Update 04/08/2023

Tools & Artifacts - Windows - new entry added - Hayabusa (tool), BitTorrent, Avira Antivirus, GoToMeeting, AnyDesk Tools & Artifacts - Android - new entry added - SetupWizard Tools & Artifacts - iOS - new entry added - Locked Data Annual Industry Reports - new entries added - proofpoint, Arctic Wolf, Avast, BeyondTrust, Blackberry, Check Point, Cisco, Cisco, Veeam, IBM X-Force, Kaspersky, Mandiant, McAfee, Meta, ODNI Jobs - old entries cleaned up, new entries added…
Read More

AboutDFIR Site Content Update 03/25/2023

Tools & Artifacts - Windows - new entries added - BitComet & imo (Messenger) Tools & Artifacts - Linux - new entries added - Image Mounting & Memory Acquisition Tools & Artifacts - MacOS - new entry added - Safari Tools & Artifacts - iOS - new entry added - Deleted Messages Tool Testing - new entries added - Android 13 (x2) Annual Reports - new entries added - FBI Internet Crime Report & Red…
Read More

AboutDFIR Site Content Update 03/11/23

Tools & Artifacts - Windows - new entries added - Artifacts: AVG Antivirus, Windows Mail, USB Connection Times, Remote Access Software, 1Password, & Unigram | Tools: Dissect, Dumpit, & Timesketch Annual Reports - new entries added - RiskLens, Cyble, BD, TrendMicro, Recorded Future, Any.Run, SonicWall, IBM Security X-Force, CrowdStrike, & Datto Jobs - old entries cleaned up, new entries added - Progressive, Oracle, Warner Bros. Discovery, Antigen Security, Sirius XM, & Activision Forensic 4:cast awards…
Read More

AboutDFIR Site Content Update 02/25/23

Tools & Artifacts - Windows - new entries added - Bitdefender, BoxDrive, F-Secure, and OpenVPN Tools & Artifacts - Android - new entry added - GroupMe Jobs - old entries cleaned up, new entries added - Cisco, North American Electric Reliability Corporation (NERC), Deepwatch, Nature's Way, Affinity Federal Credit Union, Sophos, Warner Bros, United Airlines, JP Morgan Chase & Co, American Electric Power, Jackson, and Newell AboutDFIR stickers are still a thing! If you're interested in…
Read More

AboutDFIR Site Content Update 01/28/2023

Tools & Artifacts - Windows - new entries added - LNK Files, Malwarebytes, PsExec, and Prefetch Tools & Artifacts - Android - new entries added - uTorrent and Garmin Connect Tools & Artifacts - File Systems - new entry added - $Security Jobs - old entries cleaned up, new entries added - Raytheon, Charles Schwab, Vanderbilt University, Cisco Talos, IHG Hotels & Resorts, Costco, Trustwave Government Solutions, Toyota Tsusho Systems US, Inc, and Columbia Sportswear…
Read More

The Key to Identify PsExec

Summary: In one way or another, PsExec - a wildly popular remote administration tool in the Microsoft SysInternals Suite - peeks its head in the wild. Threat actors tend to leverage PsExec for various reasons, such as executing commands or programs on a remote host in a victim’s environment, or for more nefarious reasons, such as deploying ransomware. The focus of this blog is to bring attention to a relatively new method of identifying the…
Read More

AboutDFIR Site Content Update 01/15/23

Tools & Artifacts - Windows - new entries added - Program Compatibility Assistant, Security:4624 (Win11), and Notepad++ Tools & Artifacts - iOS- new entries added - Apple Watch Data and Continuity/Cellular Relay Tools & Artifacts - Android - new entry added - TikTok Annual Industry Reports - new entry added - Google Threat Report Jobs - old entries cleaned up, new entries added -Fortinet, Nissan, American Express, Verizon, Marriott, Synchrony, Tyson Foods, and FanDuel AboutDFIR…
Read More