Incident Response Tools
In this post Harlan Carvey has presented his views on incident response tools. In the post you’ll find both “cla…
CyDefe Labs DFIR Challenges
If you don’t know what to do on a Sunday evening, there is a bunch of nice digital forensics and incident response cha…
Simplifying Bro IDS Log Parsing with ParseBroLogs
A few days ago Dan Gunter has published a post about his tool capable of parsing logs from the Bro Intrusion Detection Syste…
What Event Logs? Part 2: Lateral Movement without Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
Invoke-LiveResponse
Invoke-LiveResponse is a module for Live Response and Forensic collections over WinRM written by Matthew Green. You can lear…
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
Windows Console Command History: Valuable Evidence for Live Response Investigation
Tom Sela has posted an updated version of his paper originally published in the March 2017 edition of eForensics Magazine. T…
Incident Response Script for APT Hunting
Sergey Golovanov and Igor Soumenkov have prepared a New Year present for DFIR community: they have presented their script fo…
Pagefile forensics: page_brute
page_brute.py is a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page…
Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI
In this post Jessica Payne writes about how to use the built in Windows Event Forwarding components of Windows, some PowerSh…
