Evild3ad79 (@evild3ad79)'s Twitter Profile

ID: 271308262

24-03-2011 07:39:06

4,4K Tweet

1,1K Followers

405 Following

LETHAL FORENSICS (@lethal_dfir)

macos-collector v1.1.0 released today! We have added the collection of Desktop Service Store Files (.DS_Store) and Apple Unified Logs (AUL). Check it out!🚀 github.com/LETHAL-FORENSI…

JPCERT/CC (@jpcert_en)

New Blog Post: YAMAGoya: A Real-time Client Monitoring Tool Using Sigma and YARA Rules blogs.jpcert.or.jp/en/2025/11/YAM…

LETHAL FORENSICS (@lethal_dfir)

We've added four new PowerShell scripts to the MacOS-Analyzer-Suite: - BTM-Analyzer (Persistence) - DSStore-Analyzer - Storyline-Analyzer (Aftermath) - Timeline-Analyzer (Aftermath) Happy Threat Hunting! 🚀 github.com/LETHAL-FORENSI…

LETHAL FORENSICS (@lethal_dfir)

We are pleased to announce the release of macos-collector v1.2.0! We have added support for more macOS Forensic Artifacts and DMG creation to preserve Apple extended attributes.🚀 github.com/LETHAL-FORENSI…

sapir federovsky (@sapirxfed)

My gift for Thanksgiving 💜 I wrote for you the blog post I always wanted to read! Happy holiday!🦃 PLEASE READ IT!!! wiz.io/blog/recent-oa…

LETHAL FORENSICS (@lethal_dfir)

macos-collector v1.3.0 released today! We have added Spotlight Database File Collection (incl. Live Searches) and BTM Database File Collection. Check it out!🚀 #macOS #MacForensics #DFIR #DigitalForensics #incidentresponse github.com/LETHAL-FORENSI…

Patrick Wardle (@patrickwardle)

Been working hard on KnockKnock v4.0 that'll have new persistence enumerations, better VirusTotal integration, & many new community-requested features & improvements! 😍 Want to take a prerelease for a spin? github.com/objective-see/… ...just lmk if anything breaks 😅🙏🏽

Objective-See Foundation (@objective_see)

Knock Knock? Who’s there? KnockKnock v4.0 🔍 KnockKnock just turned 10 🥳 and version 4.0 is now out, bringing new features & improvements: 1️⃣ Start at login 2️⃣ Scan comparisons 3️⃣ Better VirusTotal integration 4️⃣ New plugin: Shell configuration files objective-see.org/products/knock…

LETHAL FORENSICS (@lethal_dfir)

Just released macos-collector v1.4.0 with the newest version of KnockKnock by Objective-See Foundation. System Information Collection and Recent Items Collection added. Happy macOS Threat Hunting!🚀 github.com/LETHAL-FORENSI…

Arsenal Recon (@arsenalrecon)

A very important announcement for digital forensics practitioners - Swap Recon v1.0.0.14 just released with support for the latest Windows compression format (x64 & Arm) & decompression of corrupt compressed blocks. Take a new look at cold cases? ArsenalRecon.com #DFIR

Stephan Berger (@malmoeb)

📢 Hands-On Training: Anti-Forensics (and Anti-Anti-Forensics) Techniques for Incident Responders @ BruCON 2026 I’m excited to announce my upcoming hands-on training at BruCON 2026 in Mechelen. This in-depth technical course is designed for Incident Responders who want to

Matt (@matteturner)

I just published Starship Vector! 🚀 An OS-independent + fast csv data explorer. Built with: 🦀 Tauri 🎨 Tailwind CSS 🦆 DuckDB I’d love for the DFIR community to check it out. I'm looking for feedback! starship.zip #DFIR #CyberSecurity #IncidentResponse #StarshipZip

Renzon (@r3nzsec)

DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in

LETHAL FORENSICS (@lethal_dfir)

We just released macos-collector v1.5.0 with TrueTree Snapshot Collection and a bunch of additional system information. Check it out! 🚀#macOS #MacForensics #DFIR #DigitalForensics #IncidentResponse github.com/LETHAL-FORENSI…

Renzon (@r3nzsec)

One of the biggest pain points for macOS-based DFIR analysts: "I have a raw Master File Table ($MFT) or USN Journal ($J), but I need a Windows VM just to parse it." Not anymore. IRFlow Timeline now imports raw $MFT and $J files directly: a two-pass binary parser extracts 22

LETHAL FORENSICS (@lethal_dfir)

MacOS-Analyzer-Suite v1.2.0 released today! We have added two new PowerShell scripts: - KnockKnock-Analyzer - VirusTotal-Analyzer Happy Threat Hunting! 🚀 #MacForensics #DFIR #DigitalForensics #IncidentResponse #macOS github.com/LETHAL-FORENSI…

13Cubed (@13cubeddfir)

🎉 It’s time for a new 13Cubed episode! For macOS forensics, Fuji from Andrea Lazzarotto is a must-have. This episode is an excerpt from Investigating macOS Endpoints and covers the latest version, with major new changes. Let’s walk through a live acquisition! youtube.com/watch?v=9ZkLdF…