Cyber Triage (@cybertriage)'s Twitter Profile
Cyber Triage

@cybertriage

Digital Forensics and incident response software for endpoint investigation. Built by @sleuthkitlabs and Brian Carrier (@carrier4n6).

ID: 2916099598

Link: https://www.cybertriage.com/ | Date: 11-12-2014 19:23:34

688 Tweet

4,4K Followers

394 Following


Velociraptor & Cyber Triage vs “DFIR World” attacks 

Learn from experts, Mike Cohen and Brian Carrier, how this integration can streamline your investigations.

Join us on July 31st, register here: register.gotowebinar.com/register/12891…

Save this DFIR resource.

Brian Carrier’s Divide + Conquer process ⤵

Try the software from the minds behind the training: cybertriage.com/download-eval/

Philosoraptor’s easiest question yet!

And creators, Mike Cohen and Brian Carrier, explain how to this Thursday.

With this integration, Velociraptor scans thousands of endpoints, and Cyber Triage dives into ~20 where the attacker was active.

To register: register.gotowebinar.com/register/12891…

Understand investigation automation.

Brian Carrier’s framework: cybertriage.com/blog/3-ways-to…

You can test all 3 automation types with Cyber Triage.

Trial copy: cybertriage.com/download-eval/

Save this DFIR series: Windows Registry Forensics 2025 ⤵

→ Registry Forensics 2025: cybertriage.com/blog/windows-r…
→ Forensics Cheatsheet: cybertriage.com/blog/windows-r…
→ Forensics Tools: cybertriage.com/blog/2025-guid…

P.S. Share this post to help other DFIR pros!


AI in DFIR has “levels”

Only one doesn’t involve the investigator:

Level 4

The ideal:

→ Full automation (level 4) for low-risk decisions.
→ Recommendation (level 3) for higher risk decisions.

Save this DFIR mini series: Jump Lists 2025 ⤵

→ What Is a Jump List: cybertriage.com/blog/what-is-a…
→ Jump List Forensics: cybertriage.com/blog/jump-list…
→ Jump Lists Cache: cybertriage.com/blog/what-is-j…

P.S. Share this post to help other DFIR pros!


Learn AI basics in DFIR:

→ AI + LMMs in DFIR overview
→ When to apply AI to investigations
→ Live demo of LLM + Cyber Triage

Join experts Brian Carrier and Sid Probstein tomorrow!
Register: attendee.gotowebinar.com/register/24378…

New SOC DFIR Automation ⤵

CyberTriage 3.15 can automatically pull + analyze Defender data.

See it live with Brian Carrier and Chris Ray on September 11.

Register: attendee.gotowebinar.com/register/41993…

New DFIR Research: Chris Ray’s comprehensive list of LogMeIn artifacts ⤵

→ Windows events
→ Registry keys
→ Exe names
→ Domains
→ Log files
→ Folders

Right here: cybertriage.com/blog/dfir-next…

P.S. Share this post to help other DFIR pros!


Our 3 Best DFIR Blogs of 2025 (Ranked by views) ⤵

#1 Registry Forensics Cheat Sheet: cybertriage.com/blog/windows-r…
#2 WMI Malware Forensics Guide: cybertriage.com/blog/wmi-malwa…
#3 NTUSER.DAT Forensics: cybertriage.com/blog/ntuser-da…

P.S. Share this post to help other DFIR pros!


Free your mind:

Automate your DFIR.

Tomorrow, join Brian Carrier and Chris Ray as they demo the new Defender → Cyber Triage automation.

Register: attendee.gotowebinar.com/register/41993…

RMMs: The Perfect Disguise.

And attackers will get away with it, unless you learn to unmask them.

Next Thursday, Mike Wilkinson will teach you just that.

Register: attendee.gotowebinar.com/register/69551…

Keep your eye on AnyDesk.

Learn how to investigate suspicious AnyDesk use from Chris Ray: cybertriage.com/blog/dfir-next…

P.S. Share this post to help other DFIR pros!


Catch DFIR’s Con Artists

Thursday’s RMM masterclass:

→ Commonly abused RMM tools
→ DFIR artifacts they leave behind
→ Insights from those artifacts
→ How to investigate

With Professor Mike Wilkinson

Register: attendee.gotowebinar.com/register/69551…

85% of attacks use LOTL

The Socrates of SOC investigations teaches his best approach⤵ 

This Thursday, Wade Wells, detection and response expert, shares:

→ War stories
→ Investigation approach
→ Top 3 tips for elite endpoint triage

Register: register.gotowebinar.com/register/70352…

New DFIR Research: Pulseway (RMM) Abuse ⤵

Our team recently observed a threat actor using Pulseway for remote access and gaining full control of a system.

Read Mike Wilkinson's research + investigation tips from the case: cybertriage.com/blog/dfir-next…


To EDR or not EDR?

That’s the investigator’s question.

Next Thursday, Blake Regan and Brian Carrier will tackle that and other questions facing SOC and IR teams trying to adapt to emerging threats and evolving tech.

Register here: register.gotowebinar.com/register/90391…

DFIR is changing fast.

How do investigators adapt their approach to stay effective?

Today, 11 AM EST, Blake Regan and Brian Carrier debate when and when *not* to use EDR in DFIR, plus provide tools + techniques to use in modern investigations.

Register: register.gotowebinar.com/register/90391…