AboutDFIR Site Content Update – 04/26/2024

Challenges & CTFs - old entries cleaned up, new entries added: CTFs: BelkaCTF #6: Bogus Bill CTF Walkthroughs: Belkasoft CTF 6: Write-up Jobs - old entries cleaned up, new entries added: CyberClan IronGate Cybersecurity Mandiant (now part of Google Cloud) modePUSH NCC Group RSM SentinelOne Tools & Artifacts - Android - new entries added: Tools: ALEAPP Artifacts: Android - Digital Wellbeing - Investigating Android Digital Wellbeing Samsung Bluetooth Call Routes - Road Trippin’ – Exploring…

AboutDFIR Site Content Update – 04/12/2024

Challenges & CTFs - new entries added: Challenges: The DFIR Report - DFIR Labs XINTRA - Advanced APT Emulation Labs Jobs - old entries cleaned up, new entries added: AT&T Mandiant (now part of Google Cloud) Microsoft modePUSH Palo Alto Networks Unit 42 ZeroFox Tools & Artifacts - AWS - new entry added: Artifacts: AWS Amplify Logs - Do NOT forget the AWS Amplify Logs Tools & Artifacts - iOS - new entries added: Tools:…

AboutDFIR Site Content Update – 03/29/2024

Challenges & CTFs - new entries added - CTF - Magnet Virtual Summit 2024 Capture The Flag, CTF Walkthrough - Magnet Virtual Summit 2024 Capture The Flag - Cipher, iOS (Doug Metz), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher (DFIR101), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher, iOS (Forensafe, Kairos (Hestia) Tay, Kevin Pagano, Madi Brumbelow at The Hive) Jobs - old entries cleaned up, new entries added -…

AboutDFIR Site Content Update – 03/22/2024

Jobs - old entries cleaned up, new entries added - Arete, CrowdStrike, Kivu Consulting, Kroll, Mandiant (now part of Google Cloud), Palo Alto Networks Unit 42, Salesforce, Surefire Cyber, Trustwave Tools & Artifacts - Android - new entry added - WhatsApp - Android WhatsApp Forensics. Part II: Analysis Tools & Artifacts - File Systems - new entry added - NTFS - NTFS Artifacts Tools & Artifacts - iOS - new entries added - Apple Accounts…

AboutDFIR Site Content Update – 03/15/2024

Jobs - old entries cleaned up, new entries added - Aperture, JPMorgan Chase & Co., Kraft Heinz, Mandiant (now part of Google Cloud), modePUSH, RSM, TrustedSec Tools & Artifacts - Windows - new entries added - AmCache - Evidence of Program Existence - Amcache, Event Tracing (ETW) - ETL File analysis in live, Triage Analysis - Chaos to Clarity: Why Triage is Not Optional, Tools - Invoke-LiveResponse SANS has released an overview for the new…

AboutDFIR Site Content Update – 03/08/2024

Jobs - old entries cleaned up, new entries added - CrowdStrike, JPMorgan Chase & Co., Keith Borer Consultants, Mitiga, NCC Group, Palo Alto Networks Unit 42, Zurich Tools & Artifacts - Android - new entries added - Android Acquisition - Mobile Forensic Images and Acquisition Priorities, WhatsApp - Android WhatsApp Forensics. Part I: Acquisition Tools & Artifacts - Google Workspace - new entry added - Google Chrome - Google Chrome Platform Notification Analysis Tools &…

AboutDFIR Site Content Update – 03/01/2024

Jobs - old entries cleaned up, new entries added - JetBlue, Kaseya, Palo Alto Networks Unit 42, Rapid7, Secureworks, Soteria, Sygnia Tools & Artifacts - Android - new entry added - WhatsApp - Investigating Android WhatsApp Tools & Artifacts - AWS - new entry added - AWS Incident Response - AWS Ransomware Tools & Artifacts - Microsoft 365 - new entry added - MailItemsAccessed - MailItemsAccessed Woes: M365 Investigation Challenges Tools & Artifacts - iOS…

AboutDFIR Site Content Update – 02/23/2024

Jobs - old entries cleaned up, new entries added - Arete, Contact Discovery Services LLC, Huntress, Mandiant (now part of Google Cloud), Palo Alto Networks Unit 42, Surefire Cyber, Thames Valley Police, UCLA Health Tools & Artifacts - AWS - new entry added - AWS Incident Response - How to be IR Prepared in AWS Tools & Artifacts - Google Cloud - new entry added - Google Cloud Incident Response - Google Cloud Incident Response…

AboutDFIR Site Content Update – 02/16/2024

Jobs - old entries cleaned up, new entries added - Deloitte, IBM, NYU Langone Health, Warner Bros. Discovery Tools & Artifacts - Android - new entry added - Android - SMS - Investigating Android SMS Tools & Artifacts - iOS - new entry added - iOS Acquisition - Bootloader-Level Extraction for Apple Hardware Tools & Artifacts - Microsoft 365 - new entry added - Unified Audit Log (UAL) - What DFIR experts need to know…

AboutDFIR Site Content Update – 02/09/2024

Jobs - old entries cleaned up, new entries added - Adobe, Alight, Boston Consulting Group (BCG) Tools & Artifacts - Android - new entry added - Android Acquisition - How to Acquire Digital Evidence with Android Screen Capturer in Belkasoft X Tools & Artifacts - iOS - new entries added - iOS Forensic Toolkit - iOS Forensic Toolkit: Mounting HFS Images in Windows, Snapchat - Investigating iOS Snapchat Tools & Artifacts - Linux - new…

AboutDFIR Site Content Update – 02/02/2024

Jobs - old entries cleaned up, new entries added - Kroll, Mandiant (now part of Google Cloud), OpenAI, Palo Alto Networks Unit 42 Tools & Artifacts - Google Workspace - new entry added - Google Drive File Stream (DriveFS) - Hunting for File Deletion Artifacts in Google File Stream Data Tools & Artifacts - iOS - new entry added - iOS Voice Triggers - Investigating iOS Voice Triggers Tools & Artifacts - Windows - new…

AboutDFIR Site Content Update – 01/26/2024

Jobs - old entries cleaned up, new entries added - Accenture, Arete, Center For Internet Security (CIS), IBM, Red Canary, Surefire Cyber Tools & Artifacts - Android - new entries added - Android Acquisition - The Investigator’s Guide to Android Acquisition Methods. Part I: Device, Life360 - Analyzing Life360 on Android Tools & Artifacts - File Systems - new entries added - Tools - Indx2Csv, Tools - INDXRipper Tools & Artifacts - iOS - new…

AboutDFIR Site Content Update – 01/19/2024

Jobs - old entries cleaned up, new entries added - Arete, CyberClan, Kivu Consulting, modePUSH, Paramount Tools & Artifacts - DVR/Multimedia - new entry added - Video Analysis - Video Forensic Analysis of Samsung DVRs – Insights from 2024 Tools & Artifacts - iOS - new entries added - iOS Acquisition - When Extraction Meets Analysis: Cellebrite Physical Analyzer, iOS Calls - Investigating iOS Calls Tools & Artifacts - Windows - new entry added -…

AboutDFIR Site Content Update – 01/12/2024

Jobs - old entries cleaned up, new entries added - Atlassian, Cadence, Calix, CrowdStrike, SAIC Tools & Artifacts - AWS - new entries added - AWS Cloud Forensics - The Importance of Depth: Cloud Forensics Beyond Log Analysis, EC2 (Elastic Compute Cloud) - The Cado Platform can now Capture AWS EC2 Systems into E01 Format Tools & Artifacts - DVR/Multimedia - new entry added - ExifTool - ExifTool Basics for DFIR Tools & Artifacts -…

AboutDFIR Site Content Update – 01/05/2024

Jobs - old entries cleaned up, new entries added - ADP, Comcast, OpenText, Palo Alto Networks Unit 42, Paylocity, Prudential, State of Minnesota, United Airlines Tools & Artifacts - Android - new entries added - Android Unlocking - Android: Unlock and Rooting, Application Execution - Has the user ever used the XYZ application? aka traces of application execution on mobile devices, Instagram - Investigating Android Instagram Tools & Artifacts - iOS - new entries added -…

AboutDFIR Site Content Update – 12/29/2023

Jobs - old entries cleaned up, new entries added - ADP, Clear, NCC Group, Palo Alto Networks Unit 42, Pouvoir Judiciaire - Etat de Genève, Warner Bros. Discovery Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct the Aspect Ratio of CCTV Footage Tools & Artifacts - Google Workspace - new entries added - Tools - DriveFS Sleuth, Google Drive File Stream (DriveFS) - DriveFS Sleuth — Your Ultimate Google…

AboutDFIR Site Content Update – 12/22/2023

Jobs - old entries cleaned up, new entries added - Arete, At-Bay, Kivu Consulting, Kroll, Notion, Palo Alto Networks Unit 42, Salesforce, Surefire Cyber Tools & Artifacts - Android - new entry added - Snapchat - Investigating Android Snapchat App Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Measure Speed from Surveillance Video Tools & Artifacts - Linux - new entries added - Linux Forensics - Using the Unix-like Artifacts…

AboutDFIR Site Content Update – 12/15/2023

Jobs - old entries cleaned up, new entries added - AWS, Booz Allen Hamilton, CDW, Cyderes, Palo Alto Networks Unit 42, State Street, Verizon Challenges & CTFs - new entry added - CTF Walkthrough - Cellebrite CTF 2023 - Sharon (Forensafe) Tools & Artifacts - AWS - new entry added - CloudTrail - AWS CloudTrail Forensics - HTB Nubilum-1 Tools & Artifacts - iOS - new entry added - iTunes Backups - The Pitfalls of…

AboutDFIR Site Content Update – 12/08/2023

Jobs - old entries cleaned up, new entries added - Accenture, Booz Allen Hamilton, CDW, Cloudflare, Moderna, NCC Group Tools & Artifacts - Android - new entry added - Viber - Investigating Android Viber Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Increase Exposure of Dark Footage Tools & Artifacts - Google Workspace - new entry added - Gmail - Dots do matter: Why dots in Gmail addresses impact Google…

AboutDFIR Site Content Update – 12/01/2023

Jobs - old entries cleaned up, new entries added - Magnet Forensics, NCC Group, Palo Alto Networks Unit 42, SentinelOne Tools & Artifacts - Android - new entries added - Android - Gmail - Investigating Android Gmail, WhatsApp - Forensic Duel: Exploring Deleted WhatsApp Messages—iOS vs Android Tools & Artifacts - AWS - new entry added - Tools - Cado's Import UI Tools & Artifacts - Azure - new entry added - Tools - Cado's…

AboutDFIR Site Content Update – 11/24/2023

Certifications & Training - new entry added - SANS - GX-PT Jobs - old entries cleaned up, new entries added - Cellebrite, CrowdStrike, Department of Homeland Security (DHS), FTI Consulting, IBM, JP Morgan Chase & Co., LinkedIn, Mandiant (now part of Google Cloud), Red Canary, USAA Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct Optical Distortion Tools & Artifacts - Android - new entry added - Android - IMO…

AboutDFIR Site Content Update – 11/17/2023

Challenges & CTFs - new entries added - CTF Walkthrough - Cellebrite CTF 2023 - Abe (Forensafe), LetsDefend - Ransomware Attack (N00b_H@ck3r) Jobs - old entries cleaned up, new entries added - Ankura, Arete, Cadence, Lockheed Martin, Peraton, Tesla, TransPerfect Legal Tools & Artifacts - AWS - new entry added - Tools - cloudgrep Tools & Artifacts - Azure - new entry added - Tools - cloudgrep Tools & Artifacts - Google Cloud - new…

AboutDFIR Site Content Update – 11/10/2023

Challenges & CTFs - new entry added - CTF Walkthrough - Huntress Capture The Flag - A CTF Marathon (Doug Metz) Jobs - old entries cleaned up, new entries added - Palo Alto Networks Unit 42, Paramount, Rapid7, SentinelOne Tools & Artifacts - Android - new entries added - Android Acquisition - Data Extraction Cheatsheet, Android - Playstore - Investigating Android Playstore Search History Tools & Artifacts - AWS - new entry added - AWS…

AboutDFIR Site Content Update – 11/03/2023

Challenges & CTFs - new entries added - CTF - Dragos Capture The Flag 2023, Huntress Capture The Flag 2023, Cellebrite CTF 2023, CTF Walkthrough - Cellebrite CTF 2023 - Abe (Kevin Pagano), Cellebrite CTF 2023 - Felix (Kevin Pagano), Cellebrite CTF 2023 - Felix (Forensafe), Challenge #1 - Web Server Case (Joseph Moronwi) Jobs - old entries cleaned up, new entries added - Forensic Discovery LLC, Illinois State Police, Palo Alto Networks Unit 42,…

AboutDFIR Site Content Update – 10/27/2023

Home - new page created - AWS Home - new page created - Google Cloud Home - new page created - Google Workspace Home - new page created - Microsoft Azure Home - new page created - Microsoft 365 Jobs - old entries cleaned up, new entries added - Arete, Eli Lilly and Company, Fortinet, modePUSH, State Street, Sygnia, Uber Tools & Artifacts - Android - new entries added - Google Maps - Finding Phones…

AboutDFIR Site Content Update – 10/20/2023

Tools & Artifacts - Windows - new entries added - Prefetch - Artifacts of Execution: Prefetch - Part One, JLECmd - [DFIR TOOLS] JLECmd, what is it & how to use! Tools & Artifacts - Linux - new entry added - Linux Forensics - Investigating a Compromised Web Server Tools & Artifacts - DVR/Multimedia - new entries added - Image Analysis - Enhance a Backlit Scene, How To Reveal AI-generated Images by Checking Shadows and…

AboutDFIR Site Content Update – 10/13/2023

Tools & Artifacts - Windows - new entries added - Intrusion Analysis - Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence, TeraCopy - Introducing TeraLogger, Timeline Analysis - Timeline Creation for Forensic Analysis Tools & Artifacts - macOS - new entry added - macOS - Sonoma - Sonoma’s log gets briefer and more secretive Tools & Artifacts - Linux - new entry added - Linux Forensics - Linux Forensics In Depth Tools &…

AboutDFIR Site Content Update – 10/06/2023

Tools & Artifacts - Windows - new entries added - ScreenConnect - From ScreenConnect to Hive Ransomware in 61 hours, UserAssist - Decoding Windows Registry Artifacts with Belkasoft X: UserAssist, USB Devices - Automated USB artefact parsing from the Registry Tools & Artifacts - iOS - new entry added - iOS15 - iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information Tools & Artifacts - Android - new entry…

AboutDFIR Site Content Update – 09/29/2023

Tools & Artifacts - Windows - new entry added - OneDriveExplorer - OneDriveExplorer ODL Parsing Issues Tools & Artifacts - iOS - new entries added - iOS Acquisition - iCloud Advanced Data Protection: Implications for Forensic Extraction Tools & Artifacts - Android - new entry added - Last SIM - Investigating Android Last SIM Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Super Resolution from Different Perspectives Jobs - old…

AboutDFIR Site Content Update – 09/22/2023

Tools & Artifacts - Windows - new entry added - EventTransciptParser Tools & Artifacts - iOS - new entries added - iOS 17 - iOS 17 Forensics: Another Year, Another Byte of the Apple, iOS - iOS System Artifacts: Revealing Hidden Clues, iOS Acquisition - iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent Tools & Artifacts - Android - new entry added - Android - Accounts - Investigating Android Accounts Tools & Artifacts - DVR/Multimedia -…

AboutDFIR Site Content Update – 09/15/2023

Tools & Artifacts - Windows - new entries added - Level.io - RMM - Level.io: Forensic Artifacts and Evidence, OneDriveExplorer - What's New in OneDriveExplorer, Microsoft Edge - Microsoft Edge Forensics: Screenshot History Tools & Artifacts - iOS - new entry added - WhatsApp - iOS WhatsApp Forensics with Belkasoft X Tools & Artifacts - Android - new entry added - Android - Contacts - Investigating Android Contacts Tools & Artifacts - DVR/Multimedia - new…

AboutDFIR Site Content Update – 09/08/2023

Tools & Artifacts - Windows - new entry added - Microsoft Remote Access VPN - Forensic Aspects of Microsoft Remote Access VPN Tools & Artifacts - Linux - new entry added - Walk-through of Dr. Ali Hadi's Web Server Case CTF Tools & Artifacts - iOS - new entry added - Telegram - Investigating iOS Telegram Tools & Artifacts - DVR/Multimedia - new entry added - Deblur a Moving Car Jobs - old entries cleaned…

AboutDFIR Site Content Update – 07/15/2023

Tools & Artifacts - Windows - new entries added - qBittorrent, Recycle Bin, and Steam Tools & Artifacts - Android - new entry added - Yandex Mail Tools & Artifacts - File Systems - new entry added - $MFT Annual Industry Reports - proofpoint, Verizon, & Orange Cyberdefense Forensicators of DFIR - Fabian Mendoza Jobs - old entries cleaned up, new entries added - Optiv, UST, BetterUp, Stripe, TJX Companies, Rapid7, T Rowe Price, Blackbaud,…

AboutDFIR Site Content Update – 06/03/2023

Tools & Artifacts - Windows - new entries added - Jumplist - Windows 10, RDP, Event Logs - Hidden Insights, VMware Workstation Memory Analysis, WMI Events, and another Windows Management Instrumentation (WMI) Tools & Artifacts - MacOS - new entry added - Tool List, mac_apt, APOLLO, and fseventd parser Tools & Artifacts - iOS - new entries added - iOS 15 Image (also added to Tool Testing) and Location & Device Data Tools & Artifacts -…

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard Training & Certifications - Cyber5W Courses & CCDFA Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…

AboutDFIR Site Content Update 05/06/2023

Tools & Artifacts - Windows - new entries added - Adobe Acrobat Reader (link updated), Windows 11 GUID Partition Scheme (GPT), Windows Search Index, & Windows Artifacts General Reference Tools & Artifacts - iOS - new entry added - iPhone PINs & iOS Artifact Reference Jobs - old entries cleaned up, new entries added - Flashpoint, Cellebrite, Raytheon, Nozomi Networks, Radware, Marriott, & Stripe Don't forget to submit any missing forensicators to our Forensicators of…

AboutDFIR Site Content Update 04/22/2023

Tools & Artifacts - Windows - new entries added - Memories & pCloud Tools & Artifacts - Android - new entry added - WiFi Annual Industry Reports - new entries added - PwC, Sophos Labs, & Unit 42 Jobs - old entries cleaned up, new entries added - SecureWorks, Varonis, Prudential Financial, Amazon, Kimberly Clark, Voya, Pacific Northwest National Lab, & Microsoft Forensicators of DFIR - cleaned up some dead links and added Derek Eiri…

AboutDFIR Site Content Update 04/08/2023

Tools & Artifacts - Windows - new entry added - Hayabusa (tool), BitTorrent, Avira Antivirus, GoToMeeting, AnyDesk Tools & Artifacts - Android - new entry added - SetupWizard Tools & Artifacts - iOS - new entry added - Locked Data Annual Industry Reports - new entries added - proofpoint, Arctic Wolf, Avast, BeyondTrust, Blackberry, Check Point, Cisco, Cisco, Veeam, IBM X-Force, Kaspersky, Mandiant, McAfee, Meta, ODNI Jobs - old entries cleaned up, new entries added…

AboutDFIR Site Content Update 03/25/2023

Tools & Artifacts - Windows - new entries added - BitComet & imo (Messenger) Tools & Artifacts - Linux - new entries added - Image Mounting & Memory Acquisition Tools & Artifacts - MacOS - new entry added - Safari Tools & Artifacts - iOS - new entry added - Deleted Messages Tool Testing - new entries added - Android 13 (x2) Annual Reports - new entries added - FBI Internet Crime Report & Red…

AboutDFIR Site Content Update 03/11/23

Tools & Artifacts - Windows - new entries added - Artifacts: AVG Antivirus, Windows Mail, USB Connection Times, Remote Access Software, 1Password, & Unigram | Tools: Dissect, Dumpit, & Timesketch Annual Reports - new entries added - RiskLens, Cyble, BD, TrendMicro, Recorded Future, Any.Run, SonicWall, IBM Security X-Force, CrowdStrike, & Datto Jobs - old entries cleaned up, new entries added - Progressive, Oracle, Warner Bros. Discovery, Antigen Security, Sirius XM, & Activision Forensic 4:cast awards…

AboutDFIR Site Content Update 01/28/2023

Tools & Artifacts - Windows - new entries added - LNK Files, Malwarebytes, PsExec, and Prefetch Tools & Artifacts - Android - new entries added - uTorrent and Garmin Connect Tools & Artifacts - File Systems - new entry added - $Security Jobs - old entries cleaned up, new entries added - Raytheon, Charles Schwab, Vanderbilt University, Cisco Talos, IHG Hotels & Resorts, Costco, Trustwave Government Solutions, Toyota Tsusho Systems US, Inc, and Columbia Sportswear…

AboutDFIR Site Content Update 12/31/22

Tools & Artifacts - Windows - new entry added - Event Logs (Cheat Sheet), Google Drive FS, File Explorer - Temporary Zip Folders, and Kaspersky Antivirus Tools & Artifacts - MacOS - new entry added - Logs - Unified Log Rolling Tools & Artifacts - Android - new entry added - Tusky Jobs - old entries cleaned up, new entries added - ADP, Pearson, Dell Secureworks, GEICO, United Airways, Xerox, Broadcom, and Malwarebytes AboutDFIR stickers are still…

AboutDFIR Site Content Update 12/17/22

Tools & Artifacts - Windows - new entry added - Defender Tools & Artifacts - iOS - new entries added - Dual SIM Phones, Photos.sqlite - ZINTERNALRESOURCE, Cache.db Tools & Artifacts - Android - new entries added - Sygic, Dual SIM Phones, Mastodon, Android 13 Image SANS Difference Makers Awards - Will update our page soon, but here's a recording of the Ceremony Jobs - old entries cleaned up, new entries added - Yahoo, Detego, and…

AboutDFIR Site Content Update 12/3/22

Tools & Artifacts - Windows - new entries added - MUICache and FeatureUsage/Taskbar Tools & Artifacts - iOS - new entry added - Facebook Messenger and AppIntent Jobs - old entries cleaned up, new entries added - CISA, Deloitte, Reddit, DigitalOcean, Durham Police Department, SEROCU, and Tracepoint Page of the Month - SANS Posters - new and updated posters have been added. (This has become more of a "Resource of the Month" so I'm going to…

AboutDFIR Site Content Update 11/22/22

Tools & Artifacts - Windows - new entries added - iTunes, Recent Items, and Email Forensics Tools & Artifacts - Linux - new entry added - Linux History File Timestamps Tools & Artifacts - Android - new entry added - Bumble Jobs - old entries cleaned up, new entries added - Peloton, Edgewater, and LiveNation Entertainment Leading right into U.S. Thanksgiving, I need to give a huge thank you to Alex (you may know him…

AboutDFIR Site Content Update 11/6/22

Tools & Artifacts - Windows - new entries added - LogMeIn, ExpressVPN, Time Rules (Win11), SRUM, Quick Access, FileZilla, WSH, OneDrive in $MFT, VirtualBox, Chrome Deleted History, File Extension Associations, Browser Artifacts, Registry, and OneDrive. Tools & Artifacts - Android - new entry added - Kik Messenger and Android Reset Data Tools & Artifacts - iOS - new entries added - Deleted SMS/iMessage, KnowledgeC.db Notifications, and Sysdiagnose Tools & Artifacts - File Systems - new…

AboutDFIR Site Content Update 10/9/22

Tools & Artifacts - Windows - new entries added - Slack, Event Log Access, ProtonVPN, Hintfo Tools & Artifacts - Android - new entry added - Device Health Services Tools & Artifacts - iOS - new entries added - AppInstalls, AppLaunch, & AppIntents, Carplay, Safari, Siri, Unsent Messages, KnowledgeC.db Jobs - old entries cleaned up, new entries added - ZenDesk, Binary Defense, Circle, Charles Schwab, and AllState AboutDFIR stickers are still a thing! If you're interested…

AboutDFIR Site Content Update 9/24/22

Tools & Artifacts - Windows - new entries added - Microsoft Management Console MRU, File Carving, WordPad Recent Files, SDeleted Files, MRU, File Signature and Hash Analysis, Desktop Wallpaper, Windows Startup Programs, Microsoft Teams, and Email Forensics Tools & Artifacts - Android - new entry added - Forensic References Tools & Artifacts - iOS - new entry added - DFU: iPhone 8, 8 Plus, and iPhone X and Shared with You Syndication Photo Library Jobs…

AboutDFIR Site Content Update 9/10/22

Updates! Tools & Artifacts - Windows - new entries added - ShimCache, YARA Rules, AnyDesk, Registry, WinZip, Swapfile URLs, viber.db Tools & Artifacts - MacOS - new entry added - Unified Logs Tools & Artifacts - iOS - new entry added - Apple Health Jobs - old entries cleaned up, new entries added - KPMG, Deloitte, Cisco, Microsoft, Charles River Associates, Coalfire, Amazon, EY, and Raytheon Technologies Forensicators of DFIR - new entry added -…

AboutDFIR Site Content Update 8/27/22

The Forensic 4:cast Awards were announced. While we wait for the official posting, feel free to check my SANS DFIR Summit link collection for the results towards the bottom. I will add the official link to the Awards page on here as soon as I can. Tools & Artifacts - Windows - new entries added - SQLite Databases, Recents Folder, Last Shutdown Jobs - old entries cleaned up, new entries added - Trellix, Bank of…