AboutDFIR Site Content Update – 04/12/2024

Challenges & CTFs - new entries added: Challenges: The DFIR Report - DFIR Labs XINTRA - Advanced APT Emulation Labs Jobs - old entries cleaned up, new entries added: AT&T Mandiant (now part of Google Cloud) Microsoft modePUSH Palo Alto Networks Unit 42 ZeroFox Tools & Artifacts - AWS - new entry added: Artifacts: AWS Amplify Logs - Do NOT forget the AWS Amplify Logs Tools & Artifacts - iOS - new entries added: Tools:…
Read More

AboutDFIR Site Content Update – 03/29/2024

Challenges & CTFs - new entries added - CTF - Magnet Virtual Summit 2024 Capture The Flag, CTF Walkthrough - Magnet Virtual Summit 2024 Capture The Flag - Cipher, iOS (Doug Metz), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher (DFIR101), Magnet Virtual Summit 2024 Capture The Flag - Android, Cipher, iOS (Forensafe, Kairos (Hestia) Tay, Kevin Pagano, Madi Brumbelow at The Hive) Jobs - old entries cleaned up, new entries added -…
Read More

AboutDFIR Site Content Update – 03/15/2024

Jobs - old entries cleaned up, new entries added - Aperture, JPMorgan Chase & Co., Kraft Heinz, Mandiant (now part of Google Cloud), modePUSH, RSM, TrustedSec Tools & Artifacts - Windows - new entries added - AmCache - Evidence of Program Existence - Amcache, Event Tracing (ETW) - ETL File analysis in live, Triage Analysis - Chaos to Clarity: Why Triage is Not Optional, Tools - Invoke-LiveResponse SANS has released an overview for the new…
Read More

AboutDFIR Site Content Update – 03/01/2024

Jobs - old entries cleaned up, new entries added - JetBlue, Kaseya, Palo Alto Networks Unit 42, Rapid7, Secureworks, Soteria, Sygnia Tools & Artifacts - Android - new entry added - WhatsApp - Investigating Android WhatsApp Tools & Artifacts - AWS - new entry added - AWS Incident Response - AWS Ransomware Tools & Artifacts - Microsoft 365 - new entry added - MailItemsAccessed - MailItemsAccessed Woes: M365 Investigation Challenges Tools & Artifacts - iOS…
Read More

AboutDFIR Site Content Update – 02/16/2024

Jobs - old entries cleaned up, new entries added - Deloitte, IBM, NYU Langone Health, Warner Bros. Discovery Tools & Artifacts - Android - new entry added - Android - SMS - Investigating Android SMS Tools & Artifacts - iOS - new entry added - iOS Acquisition - Bootloader-Level Extraction for Apple Hardware Tools & Artifacts - Microsoft 365 - new entry added - Unified Audit Log (UAL) - What DFIR experts need to know…
Read More

AboutDFIR Site Content Update – 12/29/2023

Jobs - old entries cleaned up, new entries added - ADP, Clear, NCC Group, Palo Alto Networks Unit 42, Pouvoir Judiciaire - Etat de Genève, Warner Bros. Discovery Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct the Aspect Ratio of CCTV Footage Tools & Artifacts - Google Workspace - new entries added - Tools - DriveFS Sleuth, Google Drive File Stream (DriveFS) - DriveFS Sleuth — Your Ultimate Google…
Read More

AboutDFIR Site Content Update – 12/15/2023

Jobs - old entries cleaned up, new entries added - AWS, Booz Allen Hamilton, CDW, Cyderes, Palo Alto Networks Unit 42, State Street, Verizon Challenges & CTFs - new entry added - CTF Walkthrough - Cellebrite CTF 2023 - Sharon (Forensafe) Tools & Artifacts - AWS - new entry added - CloudTrail - AWS CloudTrail Forensics - HTB Nubilum-1 Tools & Artifacts - iOS - new entry added - iTunes Backups - The Pitfalls of…
Read More

AboutDFIR Site Content Update – 12/08/2023

Jobs - old entries cleaned up, new entries added - Accenture, Booz Allen Hamilton, CDW, Cloudflare, Moderna, NCC Group Tools & Artifacts - Android - new entry added - Viber - Investigating Android Viber Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Increase Exposure of Dark Footage Tools & Artifacts - Google Workspace - new entry added - Gmail - Dots do matter: Why dots in Gmail addresses impact Google…
Read More

AboutDFIR Site Content Update – 11/24/2023

Certifications & Training - new entry added - SANS - GX-PT Jobs - old entries cleaned up, new entries added - Cellebrite, CrowdStrike, Department of Homeland Security (DHS), FTI Consulting, IBM, JP Morgan Chase & Co., LinkedIn, Mandiant (now part of Google Cloud), Red Canary, USAA Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct Optical Distortion Tools & Artifacts - Android - new entry added - Android - IMO…
Read More

AboutDFIR Site Content Update – 10/13/2023

Tools & Artifacts - Windows - new entries added - Intrusion Analysis - Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence, TeraCopy - Introducing TeraLogger, Timeline Analysis - Timeline Creation for Forensic Analysis Tools & Artifacts - macOS - new entry added - macOS - Sonoma - Sonoma’s log gets briefer and more secretive Tools & Artifacts - Linux - new entry added - Linux Forensics - Linux Forensics In Depth Tools &…
Read More

AboutDFIR Site Content Update – 10/06/2023

Tools & Artifacts - Windows - new entries added - ScreenConnect - From ScreenConnect to Hive Ransomware in 61 hours, UserAssist - Decoding Windows Registry Artifacts with Belkasoft X: UserAssist, USB Devices - Automated USB artefact parsing from the Registry Tools & Artifacts - iOS - new entry added - iOS15 - iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information Tools & Artifacts - Android - new entry…
Read More

AboutDFIR Site Content Update – 09/22/2023

Tools & Artifacts - Windows - new entry added - EventTransciptParser Tools & Artifacts - iOS - new entries added - iOS 17 - iOS 17 Forensics: Another Year, Another Byte of the Apple, iOS - iOS System Artifacts: Revealing Hidden Clues, iOS Acquisition - iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent Tools & Artifacts - Android - new entry added - Android - Accounts - Investigating Android Accounts Tools & Artifacts - DVR/Multimedia -…
Read More

GX-FA Exam: My Experience

Introduction I recently attended the 2023 SANS DFIR Summit in Austin, TX when I saw an advertisement for the brand new GIAC Experienced Forensic Analyst (GX-FA) certification. SANS offered a discount for attendees that were interested in taking this exam and so I decided why not? The last GIAC exam I had taken was the GIAC Certified Forensic Analyst (GCFA) exam in December 2022 and so I found it to be very appropriate to follow…
Read More

AboutDFIR Site Content Update – 09/15/2023

Tools & Artifacts - Windows - new entries added - Level.io - RMM - Level.io: Forensic Artifacts and Evidence, OneDriveExplorer - What's New in OneDriveExplorer, Microsoft Edge - Microsoft Edge Forensics: Screenshot History  Tools & Artifacts - iOS - new entry added - WhatsApp - iOS WhatsApp Forensics with Belkasoft X Tools & Artifacts - Android - new entry added - Android - Contacts - Investigating Android Contacts Tools & Artifacts - DVR/Multimedia - new…
Read More

AboutDFIR Site Content Update – 09/08/2023

Tools & Artifacts - Windows - new entry added - Microsoft Remote Access VPN - Forensic Aspects of Microsoft Remote Access VPN Tools & Artifacts - Linux - new entry added - Walk-through of Dr. Ali Hadi's Web Server Case CTF Tools & Artifacts - iOS - new entry added - Telegram - Investigating iOS Telegram Tools & Artifacts - DVR/Multimedia - new entry added - Deblur a Moving Car Jobs - old entries cleaned…
Read More

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard Training & Certifications - Cyber5W Courses & CCDFA Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…
Read More