Forensicator

@_RyanBenson Thanks for doing this Ryan! There's been so much great info, I've really enjoyed following it :)

#DailyDFIR 366: It's here, the end of 2020! I've finished my year of tweeting about #DFIR topics every single day. I've put together a wrap-up post: 🔗 dfir.blog/a-year-of-dail… Thanks to all of #DFIR; I couldn't have found 366 positive things to tweet about without your work!

#MagnetWeeklyCTF Week 4 done and dusted! I think I got a bit lucky with a keyword search this time round though 😳

Managed #MagnetWeeklyCTF challenge 3 on my last attempt. Apparently I've done it the hard way so I can't wait to see everyones write-ups! Learned a lot though so it was worth it 🙂

#MagnetWeeklyCTF challenge 2 completed. I thought I knew where to look for this one but I had to go digging elsewhere!

Just did Challenge 1 of #MagnetWeeklyCTF, looking forward to next week already! bit.ly/34wcqqF

I've been working on this one for a while and hoping it helps some folks. Tracking app containers, shared containers, and plugins using an unsuspecting .plist file. blog.d204n6.com/2020/09/ios-tr…

Blog time! This one's a write-up of a CTF that had me digging through NTFS artefacts I don't use every day. It was a real challenge and very enjoyable, made all the more interesting by not having most of my usual tools available bit.ly/31khFIy

@phillmoore @GCHQ I couldn't agree more! The decoding and "magic" features are so useful when working with an unknown data type. (And how else am I supposed to check if something is numberwang??)

I ❤️ @GCHQ Cyberchef. Makes my #DFIR life so much easier

Windows users rejoice! This is such a useful tool 😀

@sansforensics will the talks be available on-demand after the summit?

Join 15,000+ members of your DFIR community this Thursday and Friday at #DFIRSummit for technical talks on the latest in #digitalforensics, #IncidentResponse research, as well as a DFIR solutions track! Don't miss out — register now for FREE: sans.org/u/YBl

#DailyDFIR 185: New input/output modes for Unfurl! 🌿 If you pass Unfurl a file path instead of a URL, it will open that file and parse each line in it. Using -o option will save output to a CSV file (leave off to send output to screen). Thanks @B1N2H3X for the request! #DFIR

I learnt loads doing @teambi0s MemLabs w/ @volatility, @MagnetForensics & CyberChef! Here are my write-ups: 1- bit.ly/2CK21xg 2- bit.ly/2Aei8lT 3- bit.ly/2YIJGcI 4- bit.ly/2BkDizl 5- bit.ly/2NBHz45 6- bit.ly/2VtMiJm #DFIR

Introducing MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics, is now released. Link: github.com/stuxnet999/Mem… Author: @_abhiramkumar #ctf #dfir #memoryforensics #infosec #cybersecurity

Week 26 - 2020 #DFIR thisweekin4n6.com/2020/06/27/wee…

@AlexisBrignoni I'll do my best! :)

@_RyanBenson Thanks for the shout-out Ryan!

#DailyDFIR 178: I'm a big proponent of using visualizations to help with analysis & I love seeing how others make use of them. @Forensicator4 wrote a post about exploring the visualization options in #Python & #Pandas, with a #DFIR spin: 🔗 forensic8or.blogspot.com/2020/06/visual… #DFIR

@SwiftOnSecurity @markrussinovich Nice new feature! For those who want a refresh about ADS, my slides: winitor.com/pdf/NtfsAltern…

#DFIR SQLite ProTip: Use Display Formats for db columns to triage data! (Right-click the column header) This makes me so happy, thank you @sqlitebrowser 😍

New blog: Visualising Forensic Data with Pandas forensic8or.blogspot.com/2020/06/visual… #DFIR #Python