AboutDFIR Site Content Update – 03/01/2024

Jobs - old entries cleaned up, new entries added - JetBlue, Kaseya, Palo Alto Networks Unit 42, Rapid7, Secureworks, Soteria, Sygnia
Tools & Artifacts - Android - new entry added - WhatsApp - Investigating Android WhatsApp
Tools & Artifacts - AWS - new entry added - AWS Incident Response - AWS Ransomware
Tools & Artifacts - Microsoft 365 - new entry added - MailItemsAccessed - MailItemsAccessed Woes: M365 Investigation Challenges
Tools & Artifacts - iOS…

AboutDFIR Site Content Update – 02/16/2024

Jobs - old entries cleaned up, new entries added - Deloitte, IBM, NYU Langone Health, Warner Bros. Discovery
Tools & Artifacts - Android - new entry added - Android - SMS - Investigating Android SMS
Tools & Artifacts - iOS - new entry added - iOS Acquisition - Bootloader-Level Extraction for Apple Hardware
Tools & Artifacts - Microsoft 365 - new entry added - Unified Audit Log (UAL) - What DFIR experts need to know…

AboutDFIR Site Content Update – 12/29/2023

Jobs - old entries cleaned up, new entries added - ADP, Clear, NCC Group, Palo Alto Networks Unit 42, Pouvoir Judiciaire - Etat de Genève, Warner Bros. Discovery
Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct the Aspect Ratio of CCTV Footage
Tools & Artifacts - Google Workspace - new entries added - Tools - DriveFS Sleuth, Google Drive File Stream (DriveFS) - DriveFS Sleuth — Your Ultimate Google…

AboutDFIR Site Content Update – 12/15/2023

Jobs - old entries cleaned up, new entries added - AWS, Booz Allen Hamilton, CDW, Cyderes, Palo Alto Networks Unit 42, State Street, Verizon
Challenges & CTFs - new entry added - CTF Walkthrough - Cellebrite CTF 2023 - Sharon (Forensafe)
Tools & Artifacts - AWS - new entry added - CloudTrail - AWS CloudTrail Forensics - HTB Nubilum-1
Tools & Artifacts - iOS - new entry added - iTunes Backups - The Pitfalls of…

AboutDFIR Site Content Update – 12/08/2023

Jobs - old entries cleaned up, new entries added - Accenture, Booz Allen Hamilton, CDW, Cloudflare, Moderna, NCC Group
Tools & Artifacts - Android - new entry added - Viber - Investigating Android Viber
Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Increase Exposure of Dark Footage
Tools & Artifacts - Google Workspace - new entry added - Gmail - Dots do matter: Why dots in Gmail addresses impact Google…

AboutDFIR Site Content Update – 11/24/2023

Certifications & Training - new entry added - SANS - GX-PT
Jobs - old entries cleaned up, new entries added - Cellebrite, CrowdStrike, Department of Homeland Security (DHS), FTI Consulting, IBM, JP Morgan Chase & Co., LinkedIn, Mandiant (now part of Google Cloud), Red Canary, USAA
Tools & Artifacts - DVR/Multimedia - new entry added - Video/Image Analysis - Correct Optical Distortion
Tools & Artifacts - Android - new entry added - Android - IMO…

AboutDFIR Site Content Update – 10/13/2023

Tools & Artifacts - Windows - new entries added - Intrusion Analysis - Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence, TeraCopy - Introducing TeraLogger, Timeline Analysis - Timeline Creation for Forensic Analysis
Tools & Artifacts - macOS - new entry added - macOS - Sonoma - Sonoma’s log gets briefer and more secretive
Tools & Artifacts - Linux - new entry added - Linux Forensics - Linux Forensics In Depth
Tools &…

AboutDFIR Site Content Update – 10/06/2023

Tools & Artifacts - Windows - new entries added - ScreenConnect - From ScreenConnect to Hive Ransomware in 61 hours, UserAssist - Decoding Windows Registry Artifacts with Belkasoft X: UserAssist, USB Devices - Automated USB artefact parsing from the Registry
Tools & Artifacts - iOS - new entry added - iOS15 - iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information
Tools & Artifacts - Android - new entry…

AboutDFIR Site Content Update – 09/22/2023

Tools & Artifacts - Windows - new entry added - EventTranscriptParser
Tools & Artifacts - iOS - new entries added - iOS 17 - iOS 17 Forensics: Another Year, Another Byte of the Apple, iOS - iOS System Artifacts: Revealing Hidden Clues, iOS Acquisition - iOS Forensic Toolkit: Troubleshooting Low-Level Extraction Agent
Tools & Artifacts - Android - new entry added - Android - Accounts - Investigating Android Accounts
Tools & Artifacts - DVR/Multimedia -…

GX-FA Exam: My Experience

Introduction

I recently attended the 2023 SANS DFIR Summit in Austin, TX when I saw an advertisement for the brand new GIAC Experienced Forensic Analyst (GX-FA) certification. SANS offered a discount for attendees that were interested in taking this exam and so I decided why not? The last GIAC exam I had taken was the GIAC Certified Forensic Analyst (GCFA) exam in December 2022 and so I found it to be very appropriate to follow…

AboutDFIR Site Content Update – 09/15/2023

Tools & Artifacts - Windows - new entries added - Level.io - RMM - Level.io: Forensic Artifacts and Evidence, OneDriveExplorer - What's New in OneDriveExplorer, Microsoft Edge - Microsoft Edge Forensics: Screenshot History
Tools & Artifacts - iOS - new entry added - WhatsApp - iOS WhatsApp Forensics with Belkasoft X
Tools & Artifacts - Android - new entry added - Android - Contacts - Investigating Android Contacts
Tools & Artifacts - DVR/Multimedia - new…

AboutDFIR Site Content Update – 09/08/2023

Tools & Artifacts - Windows - new entry added - Microsoft Remote Access VPN - Forensic Aspects of Microsoft Remote Access VPN
Tools & Artifacts - Linux - new entry added - Walk-through of Dr. Ali Hadi's Web Server Case CTF
Tools & Artifacts - iOS - new entry added - Telegram - Investigating iOS Telegram
Tools & Artifacts - DVR/Multimedia - new entry added - Deblur a Moving Car
Jobs - old entries cleaned…

AboutDFIR Site Content Update – 05/20/2023

Tools & Artifacts - Windows - new entry added - INetCache
Tools & Artifacts - iOS - new entries added - IPA Files, Jailbreak (iOS 15), Anonymous Chat Rooms (Dating App), & iOS Shortcuts
Tools & Artifacts - Android - new entries added - Jami and Gboard & Clipboard
Training & Certifications - Cyber5W Courses & CCDFA
Jobs - old entries cleaned up, new entries added - HM Revenue and Customs Stratford, Sirius XM, Arete,…