The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.

One artifact rarely tells the full story. Jump Lists. LNK files. Prefetch. Each captures different activity on a Windows system. The challenge is connecting them. 👇 Quick reference in the playbook 👉 go.sans.org/RKG6xY
JUST RELEASED at the #DFIRSummit the #macOS & #iOSForensicAnalysis poster This poster features "Evidence of..." categories that provide key macOS and iOS operating system artifacts that are relevant to digital investigations DOWNLOAD HERE: sans.org/u/1rPB
🔥 In case you missed it...the NEW #CTI Cheat Sheet is now available! Packed w/ frameworks, methodologies, & tips, this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis. 📥 Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
🚨 THIS JUST IN: The ultimate #Linux guide is here! Created by @4enzikat0r & @tazwake this must-have forensic poster is your go-to resource for detecting rootkits, tracking attacker persistence, & analyzing timestamps. 📄 Get your FREE copy! buff.ly/pl8eiHo #DFIR
How many of the ever-so-popular SANS #DFIR posters do you have? Check them all out and download for free: sans.org/u/12CH
Congratulations to our #FOR526 co-author and instructor of many @SANSInstitute courses @MalwareJake on his promotion to Senior Instructor!
📄 The Linux #IncidentResponse & #ThreatHunting Poster by @4enzikat0r & @tazwake is your forensic roadmap, helping you analyze timestamps, track persistence mechanisms, & uncover hidden malware. 📥 Download your FREE copy!: sans.org/u/1Avg #DFIR #Linux
🧠 Forensic analysts, meet your new best friend: the SIFT Cheat Sheet by instructor Marcus Guevara covering mounting evidence, data recovery, and more with the @SANSInstitute #SIFT Workstation. Download now! sans.org/u/1xIB #DigitalForensics #CyberSecurity #DFIR
This Valentine's Day @SANSInstitute is spreading the love by releasing the @EricZimmerman's Command Line Poster. The EZ tools provide scriptable, scalable, & repeatable results with astonishing speed and accuracy. This poster will show you how to use them. Get yours Feb 14th
🔥 The NEW #CTI Cheat Sheet by @likethecoins & Rebekah Brown is now available! Packed w/ frameworks & methodologies this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis. 📥 Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
JSON and jq Quick Start Guide Created by @PhilHagen and @DavidSzili, our new cheat sheet covers the basics of #JSON and some of the fundamentals of the jq utility, as a supplement to #FOR572. Download now: digital-forensics.sans.org/u…
#Austin attendees! Don't forget to get your printed #HuntEvil, #WindowsForensics, #NetworkForensics, #MobileForensics & the BRAND NEW #CloudForensics posters across the main auditorium #DFIRSummit #dfir
The #WindowsForensicAnalysis poster has been revised to support modern Windows investigations! Use it as a cheat sheet of WinXP - Windows 11 operating system artifacts & a means to discover important artifacts. Download now! 👉sans.org/u/1nNm @chadtilbury @4enzikat0r
Malware Can Hide, But it Must Run Get the NEW #MemoryForensics Poster #DFIR digital-forensics.sans.org/u… by @malwarejake & @sibertor #FOR526
Keynote announced! Join us next Thursday when @C_C_Krebs keynotes #CTISummit! Don’t miss out, register now for FREE: sans.org/u/17xM #ThreatIntel #CTI
🧰Featured Free Tool: EZ Tool🧰 A suite of open source digital forensics tools that can be used in a wide variety of investigations including cross validation of tools, providing insight into technical details not exposed by other tools, and more: digital-forensics.sans.org/u…
Congratulations to our #Mac #iOS guru @iamevltwin Sarah Edwards for being promoted to SANS Senior Instructor! Just like your #FOR518 course is unique to our #DFIR Curriculum, your talent and willingness to give back to the Community is unique too! Congratulations Sarah!
🚨NEW JSON and jq Quick Start Guide 🚨 Created by @PhilHagen and @DavidSzili, our new cheat sheet covers the basics of #JSON and some of the fundamentals of the jq utility, as a supplement to #FOR572. Download now: digital-forensics.sans.org/u…
You might want to block off a few hours (or days) from your schedule… Check out this epic list of 150+ FREE tools created by SANS faculty for #cybersecurity pros: sans.org/u/11WG
📄 The Linux #IncidentResponse & #ThreatHunting poster by @4enzikat0r & @tazwake is your forensic roadmap, helping you analyze timestamps, track persistence mechanisms, & uncover hidden malware. 📥 Download your FREE copy!: buff.ly/fJ3k3NK #DFIR #Linux
⚠️NEWS ALERT⚠️ NEW POSTER | #Ransomware & #CyberExtortion poster authored by @4enzikat0r & @rj_chap releasing at the @SANSInstitute #CTISummit! Get your hardcopy by attending in person or download it by registering to attend via live online! 👉sans.org/u/1uc8
From the 2019 Threat Hunting and Incident Response Summit, @Cyb3rWard0g and @Cyb3rPandaH's #Jupyter Notebooks and Pre-recorded Datasets for Threat Hunting presentation View now: piped.video/watch?v=ZfJ01ZFC…
NEW #DFIR POSTER | #MALWAREANALYSIS:TIPS & TRICKS by #FOR610 course author @lennyzeltser This poster provides a starting point to reverse-engineer & examine suspicious files like compiled executables & potentially malicious documents. DOWNLOAD IT NOW! 👉 sans.org/u/1mT9
#DFIR FREE Two Hour Workshop | 8/16, 1pm ET #FOR528: #Ransomware for #IncidentResponders lab overview will teach you how to recognize #PowerShell beacon downloader scripts, #CobalStrike Beacon config extraction and more! Come learn HANDS-ON! sans.org/u/1rFG
Don't forget to download the NEW #NetworkForensics poster! FREE to the community! #DFIR #FOR572 sans.org/u/ttU
HOT OFF THE PRESS!! New #Windows Third-Party #AppsForensics Reference Guide Poster provides a detailed exploration of artifacts from 46 third-party applications commonly found on devices running the Windows operating system. Download it now! #DFIR sans.org/u/1jFX
In case you missed all the commotion, Here is the NEW Forensics Poster #DFIR #NetworkForensics sans.org/u/ufa
Former FBI Agent @EricRZimmerman provides several open source command line tools free to the #DFIR Community. These open source digital forensics tools are used daily in a variety of investigations all over the world! Download today: digital-forensics.sans.org/u…
NEW VIDEO! In his #ThreatHuntingSummit talk, @antonlovesdnb discusses what data sources are required to gain visibility into macro executions, how to baseline such executions in an environment & how to effectively filter out less risky macro executions. piped.video/soF5iyeeWDg
Welcome (officially) to the family of #DFIR @SANSInstitute certified instructors @EricRZimmerman #FOR508 Adv. #DFIR & #ThreatHunting course
🙌COMING JUNE 2021🙌 NEW #FOR509: Enterprise #CloudForensics & #IncidentResponse From cloud equivalents of network traffic monitoring to direct hypervisor interaction for evidence preservation, learn cloud forensics' new capabilities. #DFIR Read blog👉sans.org/u/1cQ0
🔎 Want to #ThreatHunt more effectively? Start by knowing what’s normal on a #Windows box. The Hunt Evil poster by @robtlee & @mikepilkington is your go-to process baseline resource. 📄 Download your copy today: sans.org/u/1Bp4 #DFIR
HOT OFF THE PRESS! "Six Steps to Successful #MobileValidation" - A SANS #DFIR paper created in collaboration with @Cellebrite @MSAB_XRY @MagnetForensics @oxygenforensic @GrayshiftLLC @parabencorp @Belkasoft @ElcomSoft Download now -->sans.org/u/1dyL #mobileforensics
In his #ThreatHuntingSummit talk, @antonlovesdnb discusses what data sources are required to gain visibility into macro executions, how to baseline such executions in an environment, and how to effectively filter out less risky macro executions. piped.video/soF5iyeeWDg
📄 In case you haven't grabbed your copy... The #CTI Cheat Sheet v1.0 created by @likethecoins & @PDXBek simplifies threat modeling, tackles cognitive biases, & sharpens your analysis. 📥 Grab your FREE copy: buff.ly/7sAn10C #ThreatIntel #DFIR
In her #DFIRSummit talk @4enzikat0r shares the basics of digital forensics: what it really means, what digital evidence is and where to find it, how digital forensics can assist your organization & more. Watch now: piped.video/eftOgRsHK4A #DFIR #DigitalForensics
🔎 Want to #ThreatHunt more effectively? Start by knowing what’s normal on a #Windows host. The Hunt Evil poster is your go-to process & baseline resource. 📄 Download your copy today: buff.ly/HkFgqSF #DFIR #FOR508
In their #ThreatHuntingSummit talk, @d1vious & @M_haggis share their #CobaltStrike scanning tool, named zoidbergstrike and explain how to use the data to better protect their enterprise against actors using Cobalt Strike. piped.video/MWr6bvrrYHQ
Take a shortcut when analyzing malicious documents with a FREE cheatsheet from @LennyZeltser . #MalwareAnalysis #FOR610 #DFIR digital-forensics.sans.org/u…
NEW UPDATED POSTER! The #FOR500 course dives deep into each category highlighted in this poster, providing insight and an understanding of how to piece together #DFIR artifacts Download it now! 👉sans.org/u/1nNm @chadtilbury @4enzikat0r
FREE cheatsheet from @lennyzeltser for Reverse-Engineering Malicious Code. #MalwareAnalysis #FOR610 #DFIR digital-forensics.sans.org/u…
🚨NEW VIDEO🚨 In their #DFIRSummit talk @eric_capuano and @shortxstack share how they perform forensic analysis at scale using Velociraptor and Timesketch, fully automating the process. piped.video/AuOWMz1nXqk #DFIR #IncidentResponse #IR #Breach
Congratulations to our newest SANS CERTIFIED instructor, David Cowen @HECFBlog Welcome to the team David! Go #DFIR!
The first-ever *joint* FOR508/FOR572 capstone with an all-new data set is underway in Zürich. Teams are examining >250GB of disk, memory, and network evidence, collaborating across DFIR disciplines! 8 coins are on the line at #SANSZurich! @mathias_fuchs @PhilHagen
Dont leave #FOR526 w/out downloading ur FREE copy of the #MemoryForensics poster! @sibertor #DFIR digital-forensics.sans.org/u…
Learn the latest methods for producing #threatintel at this year's FREE, virtual #CTISummit. Don't miss out, register now: sans.org/u/17xM #CTI
Download the NEW #WindowsForensics Poster ! digital-forensics.sans.org/u… @robtlee By using the techniques in this Poster's chart, you will learn how to narrow the thousands of files on a typical machine down to the 1-4 files that are possible malware #FOR500 #DFIR
📺 #CTISummit Talks are live! ️ 🗣Featured Expert: @chrissanders88, Founder, @networkdefense @RuralTechFund 👏 Keynote: Deconstructing the Analyst Mindset ➡️ Watch Now: piped.video/Qy-19aRN58M
Join us at #DFIRSummit when Mehmet Ergene explains the difficulties and demonstrates a new method for effectively identifying malicious beaconing traffic at scale. Register here: sans.org/u/1pkc #DFIR #IR #IncidentResponse
Join us this Thursday when @C_C_Krebs keynotes #CTISummit! Don’t miss out, register now for FREE: sans.org/u/17xM #ThreatIntel #CTI
Hot off the press! #DFIR #NetworkForensics Poster! Get your printed copy at the #DFIRSummit in June! Register here: sans.org/u/o2m
Well guys....It is out and @robtlee beat us to the punch with the good news but it is true! #DFIRSummit is now free for the #DFIR community! Register now so you can secure your seat. Don't let this opportunity pass by!! #FreeDFIRSummit #SANSLiveOnline
BREAKING NEWS! DFIR SUMMIT 2020 (July 16/17) is now virtual & (wait for it) --> FREE --> IT IS FREE!!! SIGN UP NOW TO GET A RESERVED SLOT! sansurl.com/dfir-summit-free #justreleased #DFIR #DFIRSUMMIT #FreeDFIRSummit #digitalforensics #infosec
Congrats @phillmoore on your @SANSInstitute promotion to #DFIR Certified Instructor! "Phill reminds us everyday how lucky we are to be in this field, and his example pushes us all to get more involved and contribute more to our community." - @chadtilbury
🚨 In case you missed it... Ever tried running #Windows-based #ForensicsTools on #Linux? It's possible—and powerful. SANS Instructor and #DFIR expert Seth Enoka walks through installing and using #EZTools natively on Linux. Read the blog → buff.ly/U1GvYjr
In a landmark operation, the notorious #LockBit #ransomware gang faced a significant disruption. Dive into the details with @rj_chap & @BushidoToken as they dissect the recent events and forecast the ramifications for #cybersecurity 👉2/26 1:00 pm ET piped.video/watch?v=Ith3IgY8…
Calling all Forensicators!! Download the New #Rekall & #MemoryForensics Cheatsheet! @sibertor #DFIR ow.ly/qIEw30ewlzm
Released at the #DFIRSummit, the #New2DFIR Field Manual written by @4enzikat0r @phillmoore @DFS_JasonJ #FOR308 authors & @HeatherMahalik, will help develop your skills & find a network of people to support you getting into the industry. Download it here: dfir.to/new2dfirmanual
The new version of #SIFT can work with more than 200 tools plug-ins from third-parties allowing it to leverage data from other sources! Download #SIFT: sans.org/u/10ID
🚨NEW VIDEO ON YOUTUBE! 🚨 In their #ThreatHuntingSummit talk, @d1vious & @M_haggis share their #CobaltStrike scanning tool, named zoidbergstrike and explain how to use the data to better protect their enterprise against actors using Cobalt Strike. piped.video/MWr6bvrrYHQ
NEW #DFIR #CloudForensics Cheat Sheet #GoogleWorkspace Artifact Reference Guide by @megan_roddie provides a list of events of interest when investigating Google Workspace incidents. Download now! sans.org/u/1vCm
POSTER UPDATE | #FOR500: #WindowsForensics Poster Blog by @chadtilbury This update was a nearly complete rewrite of the poster, with significant updates to every section! Read about it & download your copy here: sans.org/u/1o5g
Forensicators, did u download the NEW - SQlite Pocket Reference Guide #DFIR #FOR518 #MacForensics digital-forensics.sans.org/u…
Because You Can't Protect What You Don't Know, we're here to help! NEW #WindowsForensics Poster #DFIR digital-forensics.sans.org/u…
**DOWNLOAD IT NOW** - Tips for Reverse-Engineering #MaliciousCode **CHEAT SHEET** by @lennyzeltser Get it here --> digital-forensics.sans.org/u… Learn #REM with #FOR610 & @edygert in #SanFrancisco 11/26-12/1 Register--> sans.org/u/JqW | #DFIR
SANS #CTISummit is this Thursday — have you registered? Don't miss out, join fellow #threatintel analysts for 2 days of in-depth talks, panel discussions, and virtual networking opportunities. Check out the agenda and register now for FREE: sans.org/u/17y1 #CTI
Don't miss this upcoming #CTISummit talk | Jan 30 - 31 🗓️ 🎤 Featured Talk: Malware Analysis: What's the Point? 👥 @ForensicITGuy, Sr. Malware Analyst, @redcanary ✍️ Register for the all-access Summit in Arlington, VA, or join us Live Online: sans.org/u/1n6n
Looking for an easy to use & fast forensic tool but don't have hours to invest into deployment, configuration and maintenance? Don't worry @PhilHagen has got you covered with a new version of #SOF-ELK! Learn more & download: digital-forensics.sans.org/u…
#SANS Certified Instructor & Former FBI Agent Eric Zimmerman @EricRZimmerman provides several open source command line tools free to the #DFIR Community. Learn more at piped.video/GhCZfCzn2l0 Download: digital-forensics.sans.org/u…
Ready for some short cuts? Forensics, Incident Response & #ThreatHunting Cheatsheet @EricRZimmerman #DFIR digital-forensics.sans.org/u…
#DFIR Community! We have new Poster updates ready to be downloaded! FOR572: #Network Forensics Poster: digital-forensics.sans.org/u… by @PhilHagen FOR508: #HuntEvil Poster: digital-forensics.sans.org/u… & FOR500; #WindowsForensics Poster: digital-forensics.sans.org/u… by @robtlee Get'em now!
🛠️ Elevate your forensic investigations with the new #SIFT Cheat Sheet by instructor Marcus Guevara! A must-have for #DFIR analysts, covering essential tools & techniques with @SANSInstitute #SIFT Workstation. #DFIR Download here: sans.org/u/1xIB
Malware Can Hide, But it Must Run get the NEW #MemoryForensics Poster FREE here! #DFIR digital-forensics.sans.org/u…
💡 New resource alert! Our #MemoryForensics Cheat Sheet is here to guide you through SANS #FOR508. From #memoryacquisition to detailed tool usage, it’s the reference you need. Enhance your forensic skills today! #DFIR @chadtilbury 👉sans.org/u/1xIr
Forensic @4cast Award: DFIR Non-commercial Tool of the Year WINNER... Autopsy - autopsy.com @carrier4n6 #DFIRSummit
NEW ON YOUTUBE! In this talk from the #CTISummit, @jfslowik provides a definition of pivoting that emphasizes an iterative methodology of analysis and refinement designed to yield insights into adversary behaviors. piped.video/IhUJH_mgVVk #cyberthreatintelligence #CTI
NEW POSTER just released! #CyberThreatIntelligence Consumption. Get your own hard-copy now: sans.org/u/hGE
Congratulations to the newest addition to @SANSInstitute #DFIR certified instructors @mbromileyDFIR welcome to the family! #FOR508 #IncidentResponse #ThreatHunting & #FOR572 #NetworkForensics #Infosec
Latest release of the SANS #SIFTWorkstation NOW AVAILABLE👍 Learn more: sans.org/u/1dMX Download now: sans.org/u/1dVA The move to the Ubuntu 20.04 LTS kernel gets SIFT up-to-date with security features, faster boot times, & enhanced performance. @chadtilbury
💻📱The #macOS and #iOS Forensic Analysis & #IncidentResponse poster is updated to the latest versions! Featuring "Evidence of.." categories, it provides key artifacts for #DigitalForensics, mapping to insights you use for Windows systems. 📥 Download: sans.org/u/1yHz
NEW | @SANSInstitute #DFIR Poster by @4enzikat0r & @rj_chap #Ransomware & #CyberExtortion poster provides an overview of the ransomware business ecosystem & with key points related to each of the major phases of a typical extortion attack Download now! sans.org/u/1uCq
💡 New from instructor Marcus Guevara: The SIFT Cheat Sheet! Your go-to guide for using the @SANSInstitute #SIFT Workstation, from timeline creation to detailed file system analysis. #MemoryForensics #CyberSec #DFIR Download here: sans.org/u/1xIB
NEW POSTER RELEASED! #DFIR Fundamentals poster will help you identify the data that you might need to analyze, determine where that data resides, & formulate a plan & procedures for the best way to collect & preserve that data Download now! sans.org/u/1vaR #ThinkDFIRently
At the upcoming #NewtoCyberSummit, @hacks4pancakes will speak on Landing a Job: Resumes and the Application Process! View Agenda and Register for Free: sans.org/u/1alf
Merry Christmas forensicators!
. @hexacorn Blog: Excelling at Excel, Part 2 ow.ly/ugxL104pE0o #DFIR
How do you integrate your threat hunting team with traditional SOC roles? @onfvp walks through threat hunting methodologies & how they complement the roles and responsibilities of traditional positions within a SOC in her #THIRSummit talk. Watch it now: piped.video/Ut1t_n6NPQE