CTF导航Cyberdefenders蓝队-恶意软件流量分析3 Dr. Neal Krawetz at ‘The Hacker Factor Blog’Weird Science ForensafeInvestigating Window Kaspersky Antivirus Howard Oakley at ‘The Eclectic Light Company’Rolling logs and anti-malware scans Jason Wilkins at ‘Noob to Pro Forensics’Drive Geometry, File Systems, and How Criminals Hide Data Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 13 – Data Streams 2022 APFS […]

Active CountermeasuresHunting Windows Event Logs Oleg Afonin at ElcomsoftWindows Account Passwords: Why and How to Break NTLM Credentials ForensafeInvestigating Window Google Drive Karthikeyan Nagaraj at InfoSec Write-ups Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write… […]

CyberJunnkiePhishing Email Challenge by LetsDefend Joseph Moronwi at Digital InvestigatorMalware Threat Hunting With Volatility ForensafeInvestigating Android Sygic Fallen sky at InfoSec Write-upsEmail analysis : avoid phishing attacks Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 3 – Containers 2022 APFS Advent Challenge Day 4 – NX Superblock Objects 2022 APFS Advent Challenge Day 5 – […]

Andrew Rathbun and Eric ZimmermanEZ Tools Manuals Digital Forensics Discord ServerThe Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts – v1.2 Bill Thompson at OpenTextGetting to know your tools Liu Zhixiangcheckm8提取速查表：iPhone、iPad Derek EiriPractical Linux Forensics & a Mini Linux Forensics CTF David Stenhouse at DS ForensicsMy Time With The Judge ForensafeInvestigating Windows Defender James […]

Ali Alwashali at ‘HackDefend Labs’Sysinternals case writeup Paul Lorentz at CellebriteSmart Flow – A super-charged single step for extractions in UFED 7.60 Domiziana FotiLetsDefend- SOC112 — Traffic to Blacklisted IP Doug Metz at Baker Street ForensicsGroup collections from O365 with PowerShell ForensafeInvestigating iOS FACEBOOK Messenger Haircutfish TryHackMe MITRE Room-Task 3 ATT&CK® Framework TryHackMe MITRE Room- Task 1 […]

Cado Security Enhancing Cado Community Edition with Velociraptor WatchDog Continues to Target East Asian CSPs The Ultimate Guide to Ransomware Incident Response & Forensics Dr. Ali HadiChallenge #7 – SysInternals Case Oleg Afonin at Elcomsoft Advanced Logical Extraction with iOS Forensic Toolkit 8: Cheat Sheet Cloud Forensics: Obtaining iCloud Backups, Media Files and Synchronized Data […]

Blake ReganHow to create a forensic image of a physical hard drive using FTK Imager Alan Flora at CellebriteUsing Pathfinder to Avoid Ethical Dilemmas in Digital Forensics CTF导航 inctf Forensic复现 | Memlabs（下） inctf Forensic复现 | Memlabs（上） 电子取证之NTFS基础 Digital Forensics Myanmar Browser Forensics (Firefox, Chrome, Edge, Opera, Brave) Clear Browsing Data  Forensics (Firefox, Chrome, Edge, Opera, […]

Cado SecurityAnalysing Docker Images in the Cado Platform CTF导航如何基于volatility2构建“新”版本内核的profile DFIR Review Wipeout! Detecting Android Factory Resets An Alternate Location for Deleted SMS/iMessage Data in Apple Devices iOS KnowledgeC.db Notifications Digital Forensics Myanmar Disk Scan (OR) Low Level Enumeration  (NTFS  File System) Zone.idnetifier  In Master File Table (MFT) Joseph Moronwi at Digital Investigator IP Geolocation: A […]

CyberJunnkiePrintNightmare : Memory forensics and Network forensics challenge -> Letsdefend Derek EiriExploring AI Assisted Picture Categorization with Magnet Forensics AXIOM and X-Ways Forensics with Excire, Re: Weapons Digital Forensics MyanmarDisk Scan (OR) Low Level Enumeration  (FAT File System) Erik Hjelmvik at NetresecWhat is a PCAP file? ForensafeInvestigating VirtualBox Haircutfish TryHackMe Volatility — Task 2 Obtaining Memory Samples Secure […]

Krzysztof Gajewski at CyberDefNerdThe $MFT flag that you have never considered before – OneDrive not synchronized files. Mohamed Labib at DetectiveStringsMay svchosts guid you Domiziana FotiLetsDefend- SOC 175- PowerShell Found in Requested URL-Microsoft Exchange Server… ForensafeInvestigating FileZilla Fox-ITI’m in your hypervisor, collecting your evidence InfoSec Write-upsPylirt — Python Linux Incident Response Toolkit Md. Abdullah Al MamunMy Recent […]