AboutDFIR Site Content Update – 06/03/2023

Tools & Artifacts - Windows - new entries added - Jumplist - Windows 10, RDP, Event Logs - Hidden Insights, VMware Workstation Memory Analysis, WMI Events, and another Windows Management Instrumentation (WMI)
Tools & Artifacts - MacOS - new entry added - Tool List, mac_apt, APOLLO, and fseventd parser
Tools & Artifacts - iOS - new entries added - iOS 15 Image (also added to Tool Testing) and Location & Device Data
Tools & Artifacts -…

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache
Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts
Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard
Training & Certifications - Cyber5W Courses & CCDFA
Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…

AboutDFIR Site Content Update 05/06/2023

Tools & Artifacts - Windows - new entries added - Adobe Acrobat Reader (link updated), Windows 11 GUID Partition Scheme (GPT), Windows Search Index, & Windows Artifacts General Reference
Tools & Artifacts - iOS - new entry added - iPhone PINs & iOS Artifact Reference
Jobs - old entries cleaned up, new entries added - Flashpoint, Cellebrite, Raytheon, Nozomi Networks, Radware, Marriott, & Stripe
Don't forget to submit any missing forensicators to our Forensicators of…

AboutDFIR Site Content Update 04/08/2023

Tools & Artifacts - Windows - new entry added - Hayabusa (tool), BitTorrent, Avira Antivirus, GoToMeeting, AnyDesk
Tools & Artifacts - Android - new entry added - SetupWizard
Tools & Artifacts - iOS - new entry added - Locked Data
Annual Industry Reports - new entries added - Proofpoint, Arctic Wolf, Avast, BeyondTrust, Blackberry, Check Point, Cisco, Cisco, Veeam, IBM X-Force, Kaspersky, Mandiant, McAfee, Meta, ODNI
Jobs - old entries cleaned up, new entries added…

AboutDFIR Site Content Update 03/25/2023

Tools & Artifacts - Windows - new entries added - BitComet & imo (Messenger)
Tools & Artifacts - Linux - new entries added - Image Mounting & Memory Acquisition
Tools & Artifacts - MacOS - new entry added - Safari
Tools & Artifacts - iOS - new entry added - Deleted Messages
Tool Testing - new entries added - Android 13 (x2)
Annual Reports - new entries added - FBI Internet Crime Report & Red…

AboutDFIR Site Content Update 12/17/22

Tools & Artifacts - Windows - new entry added - Defender
Tools & Artifacts - iOS - new entries added - Dual SIM Phones, Photos.sqlite - ZINTERNALRESOURCE, Cache.db
Tools & Artifacts - Android - new entries added - Sygic, Dual SIM Phones, Mastodon, Android 13 Image
SANS Difference Makers Awards - Will update our page soon, but here's a recording of the Ceremony
Jobs - old entries cleaned up, new entries added - Yahoo, Detego, and…

AboutDFIR Site Content Update 12/3/22

Tools & Artifacts - Windows - new entries added - MUICache and FeatureUsage/Taskbar
Tools & Artifacts - iOS - new entry added - Facebook Messenger and AppIntent
Jobs - old entries cleaned up, new entries added - CISA, Deloitte, Reddit, DigitalOcean, Durham Police Department, SEROCU, and Tracepoint
Page of the Month - SANS Posters - new and updated posters have been added. (This has become more of a "Resource of the Month" so I'm going to…

AboutDFIR Site Content Update 11/22/22

Tools & Artifacts - Windows - new entries added - iTunes, Recent Items, and Email Forensics
Tools & Artifacts - Linux - new entry added - Linux History File Timestamps
Tools & Artifacts - Android - new entry added - Bumble
Jobs - old entries cleaned up, new entries added - Peloton, Edgewater, and LiveNation Entertainment
Leading right into U.S. Thanksgiving, I need to give a huge thank you to Alex (you may know him…

AboutDFIR Site Content Update 9/24/22

Tools & Artifacts - Windows - new entries added - Microsoft Management Console MRU, File Carving, WordPad Recent Files, SDeleted Files, MRU, File Signature and Hash Analysis, Desktop Wallpaper, Windows Startup Programs, Microsoft Teams, and Email Forensics
Tools & Artifacts - Android - new entry added - Forensic References
Tools & Artifacts - iOS - new entry added - DFU: iPhone 8, 8 Plus, and iPhone X and Shared with You Syndication Photo Library
Jobs…

AboutDFIR Site Content Update 7/30/22

The site update is busy this week! SANS Security Awareness Summit is next week Aug 3 & 4 and is still doing hybrid/virtual. This means you can still sign up to attend virtually for free today! The suggested attendees include CISOs, Security Engineers/Architects, Education/Training professionals, and Compliance/Legal/Auditing professionals. Topics include Phishing, Office365, Equifax, Metaverse, Psychology, Human Risk, and staying safe online.
Tools & Artifacts - Windows - new entries added - Browser Downloads, Machine SID,…

AboutDFIR Site Content Update 7/16/22

Forensic 4:cast Award voting is now open!
Tools & Artifacts - Windows - new entries added - Event Tracing (ETW), Event Logs, Registry Hive Bins, ADS Zone.Identifier, Profiles, 360 Secure Browser, and Windows Management Instrumentation (WMI)
Tools & Artifacts - Android - new entry added - Session
Tools & Artifacts - iOS - new entry added - Speed/ZRTCLLOCATIONMO
Jobs - old entries cleaned up, new entries added - ZeroFox, PWC, Gartner, Zoom, Cisco, Sophos, and Arctic…

AboutDFIR Site Content Update 6/4/22

Surprise, not surprise, I posted the research! Informally, I'd like to break down a little more what it could be useful for. App Timeline Provider logs mouse, keyboard, and audio activity for apps that are in focus on Windows 8+ machines. If you have mouse and keyboard activity within an app, you're validating that the window was "in focus" and that it was interacted with. If you have audio input and audio output, you can…

AboutDFIR Site Content Update 4/23/22

Big thing right up front - this is the last site update before the Forensic 4:Cast nominations close - click here to nominate your favorite or most useful resources!
Annual Industry Reports - new entries added - RIA, Arctic Wolf, and Meta
Jobs - new entries added - Raytheon Intelligence & Space, Zachary Piper Solutions, Cognizant, Kyndryl, and Center for Internet Security
Tools & Artifacts - Windows - new entries added - Windows Registry, a graphing…

InfoSec News Nuggets 08/17/2020

Instagram Retained Deleted Photos and Messages on Its Servers for Over a Year
Instagram has awarded a security researcher a $6,000 bug bounty payout after he found photos and private direct messages on the platform's servers that he had deleted more than a year ago (via TechCrunch). Saugat Pokharel discovered that his content hadn't been removed in October after downloading a copy of his data from the photo-sharing app. Instagram introduced the download option two years ago to…