24 Nov 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 11/24/2023

Certifications & Training - new entry added - SANS - GX-PT Jobs - old entries cleaned up, new entries added - Cellebrite, CrowdStrike, Department of Homeland Security (DHS), FTI Consulting, IBM, JP Morgan Chase & Co., LinkedIn, Mandiant (now part of Google Cloud), Red Canary, USAA Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct Optical Distortion Tools & Artifacts - Android - new entry added - Android - IMO…
Read More
17 Nov 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 11/17/2023

Challenges & CTFs - new entries added - CTF Walkthrough - Cellebrite CTF 2023 - Abe (Forensafe), LetsDefend - Ransomware Attack (N00b_H@ck3r) Jobs - old entries cleaned up, new entries added - Ankura, Arete, Cadence, Lockheed Martin, Peraton, Tesla, TransPerfect Legal Tools & Artifacts - AWS - new entry added - Tools - cloudgrep Tools & Artifacts - Azure - new entry added - Tools - cloudgrep Tools & Artifacts - Google Cloud - new…
Read More
10 Nov 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 11/10/2023

Challenges & CTFs - new entry added - CTF Walkthrough - Huntress Capture The Flag - A CTF Marathon (Doug Metz) Jobs - old entries cleaned up, new entries added - Palo Alto Networks Unit 42, Paramount, Rapid7, SentinelOne Tools & Artifacts - Android - new entries added - Android Acquisition - Data Extraction Cheatsheet, Android - Playstore - Investigating Android Playstore Search History Tools & Artifacts - AWS - new entry added - AWS…
Read More
03 Nov 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 11/03/2023

Challenges & CTFs - new entries added - CTF - Dragos Capture The Flag 2023, Huntress Capture The Flag 2023, Cellebrite CTF 2023, CTF Walkthrough - Cellebrite CTF 2023 - Abe (Kevin Pagano), Cellebrite CTF 2023 - Felix (Kevin Pagano), Cellebrite CTF 2023 - Felix (Forensafe), Challenge #1 - Web Server Case (Joseph Moronwi) Jobs - old entries cleaned up, new entries added - Forensic Discovery LLC, Illinois State Police, Palo Alto Networks Unit 42,…
Read More
27 Oct 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 10/27/2023

Home - new page created - AWS Home - new page created - Google Cloud Home - new page created - Google Workspace Home - new page created - Microsoft Azure Home - new page created - Microsoft 365 Jobs - old entries cleaned up, new entries added - Arete, Eli Lilly and Company, Fortinet, modePUSH, State Street, Sygnia, Uber Tools & Artifacts - Android - new entries added - Google Maps - Finding Phones…
Read More
20 Oct 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 10/20/2023

Tools & Artifacts - Windows - new entries added - Prefetch - Artifacts of Execution: Prefetch - Part One, JLECmd - [DFIR TOOLS] JLECmd, what is it & how to use! Tools & Artifacts - Linux - new entry added - Linux Forensics - Investigating a Compromised Web Server Tools & Artifacts - DVR/Multimedia - new entries added - Image Analysis - Enhance a Backlit Scene, How To Reveal AI-generated Images by Checking Shadows and…
Read More
13 Oct 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 10/13/2023

Tools & Artifacts - Windows - new entries added - Intrusion Analysis - Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence, TeraCopy - Introducing TeraLogger, Timeline Analysis - Timeline Creation for Forensic Analysis Tools & Artifacts - macOS - new entry added - macOS - Sonoma - Sonoma’s log gets briefer and more secretive Tools & Artifacts - Linux - new entry added - Linux Forensics - Linux Forensics In Depth Tools &…
Read More
06 Oct 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 10/06/2023

Tools & Artifacts - Windows - new entries added - ScreenConnect - From ScreenConnect to Hive Ransomware in 61 hours, UserAssist - Decoding Windows Registry Artifacts with Belkasoft X: UserAssist, USB Devices - Automated USB artefact parsing from the Registry Tools & Artifacts - iOS - new entry added - iOS15 - iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information Tools & Artifacts - Android - new entry…
Read More
29 Sep 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 09/29/2023

Tools & Artifacts - Windows - new entry added - OneDriveExplorer - OneDriveExplorer ODL Parsing Issues Tools & Artifacts - iOS - new entries added - iOS Acquisition - iCloud Advanced Data Protection: Implications for Forensic Extraction Tools & Artifacts - Android - new entry added - Last SIM - Investigating Android Last SIM Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Super Resolution from Different Perspectives Jobs - old…
Read More
22 Sep 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 09/22/2023

Tools & Artifacts - Windows - new entry added - EventTransciptParser Tools & Artifacts - iOS - new entries added - iOS 17 - iOS 17 Forensics: Another Year, Another Byte of the Apple, iOS - iOS System Artifacts: Revealing Hidden Clues, iOS Acquisition - iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent Tools & Artifacts - Android - new entry added - Android - Accounts - Investigating Android Accounts Tools & Artifacts - DVR/Multimedia -…
Read More
15 Sep 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 09/15/2023

Tools & Artifacts - Windows - new entries added - Level.io - RMM - Level.io: Forensic Artifacts and Evidence, OneDriveExplorer - What's New in OneDriveExplorer, Microsoft Edge - Microsoft Edge Forensics: Screenshot History  Tools & Artifacts - iOS - new entry added - WhatsApp - iOS WhatsApp Forensics with Belkasoft X Tools & Artifacts - Android - new entry added - Android - Contacts - Investigating Android Contacts Tools & Artifacts - DVR/Multimedia - new…
Read More
08 Sep 2023
By Fabian Mendoza

AboutDFIR Site Content Update – 09/08/2023

Tools & Artifacts - Windows - new entry added - Microsoft Remote Access VPN - Forensic Aspects of Microsoft Remote Access VPN Tools & Artifacts - Linux - new entry added - Walk-through of Dr. Ali Hadi's Web Server Case CTF Tools & Artifacts - iOS - new entry added - Telegram - Investigating iOS Telegram Tools & Artifacts - DVR/Multimedia - new entry added - Deblur a Moving Car Jobs - old entries cleaned…
Read More
03 Jun 2023
By Cassie Doemel

AboutDFIR Site Content Update – 06/03/2023

Tools & Artifacts - Windows - new entries added - Jumplist - Windows 10, RDP, Event Logs - Hidden Insights, VMware Workstation Memory Analysis, WMI Events, and another Windows Management Instrumentation (WMI) Tools & Artifacts - MacOS - new entry added - Tool List, mac_apt, APOLLO, and fseventd parser Tools & Artifacts - iOS - new entries added - iOS 15 Image (also added to Tool Testing) and Location & Device Data  Tools & Artifacts -…
Read More
06 May 2023
By Cassie Doemel

AboutDFIR Site Content Update 05/06/2023

Tools & Artifacts - Windows - new entries added - Adobe Acrobat Reader (link updated), Windows 11 GUID Partition Scheme (GPT), Windows Search Index, & Windows Artifacts General Reference Tools & Artifacts - iOS - new entry added - iPhone PINs & iOS Artifact Reference  Jobs - old entries cleaned up, new entries added - Flashpoint, Cellebrite, Raytheon, Nozomi Networks, Radware, Marriott, & Stripe Don't forget to submit any missing forensicators to our Forensicators of…
Read More
31 Dec 2022
By Cassie Doemel

AboutDFIR Site Content Update 12/31/22

Tools & Artifacts - Windows - new entry added - Event Logs (Cheat Sheet), Google Drive FS, File Explorer - Temporary Zip Folders, and Kaspersky Antivirus Tools & Artifacts - MacOS- new entry added - Logs - Unified Log Rolling Tools & Artifacts - Android - new entry added - Tusky Jobs - old entries cleaned up, new entries added - ADP, Pearson, Dell Secureworks, GEICO, United Airways, Xerox, Broadcom, and Malwarebytes AboutDFIR stickers are still…
Read More
09 Oct 2022
By Cassie Doemel

AboutDFIR Site Content Update 10/9/22

Tools & Artifacts - Windows - new entries added - Slack, Event Log Access, ProtonVPN, Hintfo Tools & Artifacts - Android - new entry added - Device Health Services Tools & Artifacts - iOS - new entries added - AppInstalls, AppLaunch, & AppIntents, Carplay, Safari, Siri, Unsent Messages, KnowledgeC.db Jobs - old entries cleaned up, new entries added - ZenDesk, Binary Defense, Circle, Charles Schwab, and AllState AboutDFIR stickers are still a thing! If you're interested…
Read More