Here is a list of tips on getting hired in DFIR by Brett Shavers:

Hal Pomeranz has started a series of blog posts about forensic analysis of XFS file system. XFS is becoming more common on Linux systems, but we are lacking forensic tools for decoding it. The first post will provide you with a quick overview of this file system, and focus on the superblock.

Didier Stevens has posted about how to use IOCs (Indicators Of Compromise) to create your own custom YARA rules. In the post he creates custom YARA rules to detect compromised CCleaner executables.

Sarah Edwards has found a very usefull bug in macOS High Sierra – unified logs show plaintext password for APFS encrypted external volumes via Disk Utility. Learn more about it in this post.

In this post Jamey Tubbs, Magnet Software Training Director, shows how the latest versions of Windows 10 destroy digital evidence during updating process.

Marcus Bakker from MB Secure has published a tutorial on how to catch malware beaconing from an infrastructure where a non-transparent proxy is used for all outgoing network traffic.

In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital evidence sources, as PowerShell logs, Sysmon and Cisco Advanced Malware Protection (AMP). He finishes the post with noting the importance of memory forensics for any blue team member.

If you don’t know what to do on a Sunday evening, there is a bunch of nice digital forensics and incident response challenges for you. CyDefe Labs have prepared memory forensics, incident response and some other challenges, find them here.

Starting with Autopsy 4.5.0, you can now determine when a file or phone number (or other artifact) was seen in a previous case. You can also be alerted when an artifact was found that was previously marked as “bad”. These features are possible because of new infrastructure called the Central Repository. In this blog, we’ll talk about enabling the Central …

Sysinternals Autoruns is a great utility for defenders to discover and disable malware and adversaries’ persistence points. There are similar programs, but as the author of Autoruns says: “(Autoruns) has the most comprehensive knowledge of auto-starting locations “, therefore the focus here is on Autoruns. In the last weeks couple of security researches (Kyle – @KyleHanslovan, Chris – @ChrisBisnett, HASHEREZADE @hasherezade) have discovered that it’s …