One artifact rarely tells the full story.
Jump Lists. LNK files. Prefetch.
Each captures different activity on a Windows system.
The challenge is connecting them.
👇 Quick reference in the playbook
👉 go.sans.org/RKG6xY
JUST RELEASED at the #DFIRSummit the #macOS & #iOSForensicAnalysis poster
This poster features "Evidence of..." categories that provide key macOS and iOS operating system artifacts that are relevant to digital investigations
DOWNLOAD HERE: sans.org/u/1rPB
🔥 In case you missed it...the NEW #CTI Cheat Sheet is now available!
Packed w/ frameworks, methodologies, & tips, this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis.
📥 Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
🚨 THIS JUST IN: The ultimate #Linux guide is here!
Created by @4enzikat0r & @tazwake this must-have forensic poster is your go-to resource for detecting rootkits, tracking attacker persistence, & analyzing timestamps.
📄 Get your FREE copy! buff.ly/pl8eiHo #DFIR
This Valentine's Day @SANSInstitute is spreading the love by releasing the @EricZimmerman's Command Line Poster. The EZ tools provide scriptable, scalable, & repeatable results with astonishing speed and accuracy. This poster will show you how to use them. Get yours Feb 14th
🔥 The NEW #CTI Cheat Sheet by @likethecoins & Rebekah Brown is now available!
Packed w/ frameworks & methodologies this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis.
📥 Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
The #WindowsForensicAnalysis poster has been revised to support modern Windows investigations! Use it as a cheat sheet of WinXP - Windows 11 operating system artifacts & a means to discover important artifacts.
Download now! 👉 sans.org/u/1nNm @chadtilbury @4enzikat0r
🧰Featured Free Tool: EZ Tool🧰
A suite of open source digital forensics tools that can be used in a wide variety of investigations including cross validation of tools, providing insight into technical details not exposed by other tools, and more: digital-forensics.sans.org/u…
Congratulations to our #Mac #iOS guru @iamevltwin Sarah Edwards for being promoted to SANS Senior Instructor! Just like your #FOR518 course is unique to our #DFIR Curriculum, your talent and willingness to give back to the Community is unique too! Congratulations Sarah!
You might want to block off a few hours (or days) from your schedule… Check out this epic list of 150+ FREE tools created by SANS faculty for #cybersecurity pros: sans.org/u/11WG
NEW #DFIR POSTER | #MALWAREANALYSIS:TIPS & TRICKS by #FOR610 course author @lennyzeltser
This poster provides a starting point to reverse-engineer & examine suspicious files like compiled executables & potentially malicious documents.
DOWNLOAD IT NOW! 👉 sans.org/u/1mT9
HOT OFF THE PRESS!! New #Windows Third-Party #AppsForensics Reference Guide Poster provides a detailed exploration of artifacts from 46 third-party applications commonly found on devices running the Windows operating system. Download it now!
#DFIR sans.org/u/1jFX
Former FBI Agent @EricRZimmerman provides several open source command line tools free to the #DFIR Community. These open source digital forensics tools are used daily in a variety of investigations all over the world!
Download today: digital-forensics.sans.org/u…
NEW VIDEO!
In his #ThreatHuntingSummit talk, @antonlovesdnb discusses what data sources are required to gain visibility into macro executions, how to baseline such executions in an environment & how to effectively filter out less risky macro executions.
piped.video/soF5iyeeWDg
🙌COMING JUNE 2021🙌
NEW #FOR509: Enterprise #CloudForensics & #IncidentResponse
From cloud equivalents of network traffic monitoring to direct hypervisor interaction for evidence preservation, learn cloud forensics' new capabilities. #DFIR
Read blog👉sans.org/u/1cQ0
📄 In case you haven't grabbed your copy...
The #CTI Cheat Sheet v1.0 created by @likethecoins & @PDXBek simplifies threat modeling, tackles cognitive biases, & sharpens your analysis.
📥 Grab your FREE copy: buff.ly/7sAn10C #ThreatIntel #DFIR
🔎 Want to #ThreatHunt more effectively?
Start by knowing what’s normal on a #Windows host. The Hunt Evil poster is your go-to process & baseline resource.
📄 Download your copy today: buff.ly/HkFgqSF #DFIR #FOR508
NEW UPDATED POSTER! The #FOR500 course dives deep into each category highlighted in this poster, providing insight and an understanding of how to piece together #DFIR artifacts
Download it now! 👉 sans.org/u/1nNm @chadtilbury @4enzikat0r
The first-ever *joint* FOR508/FOR572 capstone with an all-new data set is underway in Zürich. Teams are examining >250GB of disk, memory, and network evidence, collaborating across DFIR disciplines!
8 coins are on the line at #SANSZurich!
@mathias_fuchs @PhilHagen
Join us at #DFIRSummit when Mehmet Ergene explains the difficulties and demonstrates a new method for effectively identifying malicious beaconing traffic at scale.
Register here: sans.org/u/1pkc #DFIR #IR #IncidentResponse
Well guys... It is out and @robtlee beat us to the punch with the good news but it is true! #DFIRSummit is now free for the #DFIR community! Register now so you can secure your seat. Don't let this opportunity pass by!! #FreeDFIRSummit #SANSLiveOnline
Congrats @phillmoore on your @SANSInstitute promotion to #DFIR Certified Instructor!
"Phill reminds us everyday how lucky we are to be in this field, and his example pushes us all to get more involved and contribute more to our community." - @chadtilbury
🚨 In case you missed it...
Ever tried running #Windows-based #ForensicsTools on #Linux? It's possible—and powerful. SANS Instructor and #DFIR expert Seth Enoka walks through installing and using #EZTools natively on Linux.
Read the blog → buff.ly/U1GvYjr
The new version of #SIFT can work with more than 200 tool plug-ins from third parties, allowing it to leverage data from other sources!
Download #SIFT: sans.org/u/10ID
🚨NEW VIDEO ON YOUTUBE! 🚨
In their #ThreatHuntingSummit talk, @d1vious & @M_haggis share their #CobaltStrike scanning tool, named zoidbergstrike, and explain how to use the data to better protect their enterprise against actors using Cobalt Strike.
piped.video/MWr6bvrrYHQ
POSTER UPDATE | #FOR500: #WindowsForensics Poster Blog by @chadtilbury
This update was a nearly complete rewrite of the poster, with significant updates to every section!
Read about it & download your copy here: sans.org/u/1o5g
SANS #CTISummit is this Thursday — have you registered? Don't miss out, join fellow #threatintel analysts for 2 days of in-depth talks, panel discussions, and virtual networking opportunities.
Check out the agenda and register now for FREE: sans.org/u/17y1 #CTI
Don't miss this upcoming #CTISummit talk | Jan 30 - 31 🗓️
🎤 Featured Talk: Malware Analysis: What's the Point?
👥 @ForensicITGuy, Sr. Malware Analyst, @redcanary
✍️ Register for the all-access Summit in Arlington, VA, or join us Live Online: sans.org/u/1n6n
Looking for an easy to use & fast forensic tool but don't have hours to invest into deployment, configuration and maintenance? Don't worry @PhilHagen has got you covered with a new version of #SOF-ELK!
Learn more & download: digital-forensics.sans.org/u…
🛠️ Elevate your forensic investigations with the new #SIFT Cheat Sheet by instructor Marcus Guevara! A must-have for #DFIR analysts, covering essential tools & techniques with the @SANSInstitute #SIFT Workstation. #DFIR
Download here: sans.org/u/1xIB
Latest release of the SANS #SIFTWorkstation NOW AVAILABLE 👍 Learn more: sans.org/u/1dMX
Download now: sans.org/u/1dVA
The move to the Ubuntu 20.04 LTS kernel gets SIFT up-to-date with security features, faster boot times, & enhanced performance. @chadtilbury
💻📱The #macOS and #iOS Forensic Analysis & #IncidentResponse poster is updated to the latest versions!
Featuring "Evidence of..." categories, it provides key artifacts for #DigitalForensics, mapping to insights you use for Windows systems.
📥 Download: sans.org/u/1yHz
NEW POSTER RELEASED!
#DFIR Fundamentals poster will help you identify the data that you might need to analyze, determine where that data resides, & formulate a plan & procedures for the best way to collect & preserve that data
Download now! sans.org/u/1vaR #ThinkDFIRently
How do you integrate your threat hunting team with traditional SOC roles? @onfvp walks through threat hunting methodologies & how they complement the roles and responsibilities of traditional positions within a SOC in her #THIRSummit talk.
Watch it now: piped.video/Ut1t_n6NPQE