InfoSec News Nuggets 08/07/2023

US ‘lagging behind’ on Border Gateway Protocol security practices, CISA and FCC chiefs say  The U.S. government is lagging behind other countries in instituting more stringent cybersecurity measures governing Border Gateway Protocol (BGP) – a set of technical rules responsible for routing data efficiently. BGP is one of the most important facets of the internet, serving as the underpinning for everyday actions like banking, telemedicine visits and more. This week, FCC Chairwoman Jessica Rosenworcel and Cybersecurity and Infrastructure…

InfoSec News Nuggets 08/04/2023

FCC fines robocaller a record $300M after blocking billions of their scam calls The FCC’s robocaller penalties are growing as the agency tracks down and terminates their operations — this time resulting in a record $300 million forfeiture. But whether and when that money will be paid is, as always, something of an open question. The robocaller in this case was known by a variety of names and had been scamming people since 2018, as the…

AboutDFIR Site Content Update – 06/03/2023

Tools & Artifacts - Windows - new entries added - Jumplist - Windows 10, RDP, Event Logs - Hidden Insights, VMware Workstation Memory Analysis, WMI Events, and another Windows Management Instrumentation (WMI) Tools & Artifacts - MacOS - new entry added - Tool List, mac_apt, APOLLO, and fseventd parser Tools & Artifacts - iOS - new entries added - iOS 15 Image (also added to Tool Testing) and Location & Device Data  Tools & Artifacts -…

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard Training & Certifications - Cyber5W Courses & CCDFA Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…

AboutDFIR Site Content Update 04/22/2023

Tools & Artifacts - Windows - new entries added - Memories & pCloud Tools & Artifacts - Android - new entry added - WiFi Annual Industry Reports - new entries added - PwC, Sophos Labs, & Unit 42 Jobs - old entries cleaned up, new entries added - SecureWorks, Varonis, Prudential Financial, Amazon, Kimberly Clark, Voya, Pacific Northwest National Lab, & Microsoft Forensicators of DFIR - cleaned up some dead links and added Derek Eiri…

AboutDFIR Site Content Update 04/08/2023

Tools & Artifacts - Windows - new entries added - Hayabusa (tool), BitTorrent, Avira Antivirus, GoToMeeting, AnyDesk Tools & Artifacts - Android - new entry added - SetupWizard Tools & Artifacts - iOS - new entry added - Locked Data Annual Industry Reports - new entries added - proofpoint, Arctic Wolf, Avast, BeyondTrust, Blackberry, Check Point, Cisco, Veeam, IBM X-Force, Kaspersky, Mandiant, McAfee, Meta, ODNI Jobs - old entries cleaned up, new entries added…

AboutDFIR Site Content Update 01/28/2023

Tools & Artifacts - Windows - new entries added - LNK Files, Malwarebytes, PsExec, and Prefetch Tools & Artifacts - Android - new entries added - uTorrent and Garmin Connect Tools & Artifacts - File Systems - new entry added - $Security Jobs - old entries cleaned up, new entries added - Raytheon, Charles Schwab, Vanderbilt University, Cisco Talos, IHG Hotels & Resorts, Costco, Trustwave Government Solutions, Toyota Tsusho Systems US, Inc, and Columbia Sportswear…

AboutDFIR Site Content Update 12/31/22

Tools & Artifacts - Windows - new entries added - Event Logs (Cheat Sheet), Google Drive FS, File Explorer - Temporary Zip Folders, and Kaspersky Antivirus Tools & Artifacts - MacOS - new entry added - Logs - Unified Log Rolling Tools & Artifacts - Android - new entry added - Tusky Jobs - old entries cleaned up, new entries added - ADP, Pearson, Dell Secureworks, GEICO, United Airways, Xerox, Broadcom, and Malwarebytes AboutDFIR stickers are still…

AboutDFIR Site Content Update 12/17/22

Tools & Artifacts - Windows - new entry added - Defender Tools & Artifacts - iOS - new entries added - Dual SIM Phones, Photos.sqlite - ZINTERNALRESOURCE, Cache.db Tools & Artifacts - Android - new entries added - Sygic, Dual SIM Phones, Mastodon, Android 13 Image SANS Difference Makers Awards - Will update our page soon, but here's a recording of the Ceremony Jobs - old entries cleaned up, new entries added - Yahoo, Detego, and…

AboutDFIR Site Content Update 11/22/22

Tools & Artifacts - Windows - new entries added - iTunes, Recent Items, and Email Forensics Tools & Artifacts - Linux - new entry added - Linux History File Timestamps Tools & Artifacts - Android - new entry added - Bumble Jobs - old entries cleaned up, new entries added - Peloton, Edgewater, and LiveNation Entertainment Leading right into U.S. Thanksgiving, I need to give a huge thank you to Alex (you may know him…

InfoSec News Nuggets 10/14/2022

Jury finds BNSF Railway guilty of violating Illinois Biometric Privacy Act Railroad giant BNSF has been found guilty of violating the privacy of 45,000 drivers. In U.S. District Court in Chicago Wednesday, a jury awarded a $228 million verdict to the truck drivers who filed a class-action suit. BNSF was found guilty of violating the Illinois Biometric Information Privacy Act (BIPA). The state law basically says you can collect iris scans, fingerprints, voiceprints, facial geometry scans, but…

AboutDFIR Site Content Update 9/24/22

Tools & Artifacts - Windows - new entries added - Microsoft Management Console MRU, File Carving, WordPad Recent Files, SDeleted Files, MRU, File Signature and Hash Analysis, Desktop Wallpaper, Windows Startup Programs, Microsoft Teams, and Email Forensics Tools & Artifacts - Android - new entry added - Forensic References Tools & Artifacts - iOS - new entry added - DFU: iPhone 8, 8 Plus, and iPhone X and Shared with You Syndication Photo Library Jobs…

InfoSec News Nuggets 08/02/2022

What does Tim Hortons think your data is worth? A coffee and donut, apparently Tim Hortons, the Canadian fast food chain accused of using its mobile app to collect “vast amounts of sensitive location data” in violation of Canadian privacy laws, says it’s reached a proposed settlement in the resulting class action lawsuits, Vice reports. To make up for tracking users, recording their movements “every few minutes” even when the app was closed, the chain is proposing…

AboutDFIR Site Content Update 7/30/22

The site update is busy this week!  SANS Security Awareness Summit is next week Aug 3 & 4 and is still doing hybrid/virtual. This means you can still sign up to attend virtually for free today! The suggested attendees include CISOs, Security Engineers/Architects, Education/Training professionals, and Compliance/Legal/Auditing professionals. Topics include Phishing, Office365, Equifax, Metaverse, Psychology, Human Risk, and staying safe online. Tools & Artifacts - Windows - new entries added - Browser Downloads, Machine SID,…

AboutDFIR Site Content Update 7/16/22

Forensic 4:cast Award voting is now open!  Tools & Artifacts - Windows - new entries added - Event Tracing (ETW), Event Logs, Registry Hive Bins, ADS Zone.Identifier, Profiles, 360 Secure Browser, and Windows Management Instrumentation (WMI) Tools & Artifacts - Android - new entry added - Session Tools & Artifacts - iOS - new entry added - Speed/ZRTCLLOCATIONMO Jobs - old entries cleaned up, new entries added - ZeroFox, PWC, Gartner, Zoom, Cisco, Sophos, and Arctic…

AboutDFIR Site Content Update 7/2/22

Summer is ramping up and July seems to be a somewhat light month for updates. I'm hoping this means everyone is getting to enjoy some time to themselves doing whatever it is that you enjoy!  Featured Page of the Month - A link to "The Effect of Ransomware After The Investigation" authored by Devon. Read up on how ransomware can impact people and businesses. Tools & Artifacts - Windows - new entries added - Memory…

AboutDFIR Site Content Update 6/18/22

SANS held their first Ransomware Summit this week. If you missed it, I grabbed all the links I could and the sessions will be shared by SANS on YouTube soon. I especially liked Kunal Shandil's talk, "Multifaceted Extortion: Analysis of Data Exfiltration TTPs Used by Ransomware Threat Actors" and Jeffry Lang's breakdown "Kaseya Ransomware Reaction - Lessons Learned".  Tools & Artifacts - Windows - new entries added - Logfile, Tasks, Powershell Logs, VSS Carver,…

AboutDFIR Site Content Update 6/4/22

Surprise, not surprise, I posted the research!  Informally, I'd like to break down a little more what it could be useful for. App Timeline Provider logs mouse, keyboard, and audio activity for apps that are in focus on Windows 8+ machines. If you have mouse and keyboard activity within an app, you're validating that the window was "in focus" and that it was interacted with. If you have audio input and audio output, you can…

AboutDFIR Site Content Update 4/23/22

Big thing right up front - this is the last site update before the Forensic 4:Cast nominations close -  click here to nominate your favorite or most useful resources!  Annual Industry Reports- new entries added - RIA, Arctic Wolf, and Meta Jobs - new entries added - Raytheon Intelligence & Space, Zachary Piper Solutions, Cognizant, Kyndryl, and Center for Internet Security Tools & Artifacts - Windows - new entries added - Windows Registry, a graphing…

AboutDFIR Site Content Update 4/9/22

Keeping it short and sweet today. Hope you're all doing well! Annual Industry Reports- new entry added - 2022 Cyberthreat Defense Report & Cyber Security Breaches Survey 2022 Jobs - new entries added and old cleaned up - New positions include: Kroll, Peraton, Crowdstrike, Secureworks, and the Federal Public Defender's Office in Los Angeles Tools & Artifacts - Windows - new entries added - Pagefile URLs, Battery Levels, & PowerShell Scripts Tools & Artifacts -…

InfoSec News Nuggets 11/11/2021

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Zero-days, as defined by Microsoft, are publicly disclosed bugs with no official security updates. The vulnerability, tracked as CVE-2021-42292, is a high-severity security feature bypass that unauthenticated attackers can exploit locally in low-complexity attacks that don't require user interaction. Microsoft also patched a…

InfoSec News Nuggets 3/4/2020

1 - Here’s the File Clearview AI Has Been Keeping on Me, and Probably on You Too After a recent, extensive, and rather withering bout of bad press, the facial recognition company Clearview AI has changed its homepage, which now touts all the things it says its technology can do, and a few things it can’t. Clearview’s system, the company says, is “an after-the-fact research tool. Clearview is not a surveillance system and is not built like…