Joseph Moronwi (@joseffmoronwi)'s Twitter Profile
Joseph Moronwi

@joseffmoronwi

Computer programmer and cyber-security enthusiast

ID: 1206107621499047936

https://digitalinvestigator.blogspot.com
15-12-2019 07:04:44

61 Tweet

37 Followers

63 Following

Het Mehta (@hetmehtaa)

The Complete Cyber Security Course ⚔ #Infosec ~ Part 1 ~ Part 2 ~ Part 3 ~ Part 4 👇 FREE Download Link 🖇️ mega.nz/folder/j8JzmYj…

Joseph Moronwi (@joseffmoronwi)

This post examines a compromised Linux web server to determine how the adversary gained entry and the exploits used. The image analysed was provided by Ali Hadi | B!n@ry at the 2019 OSDFCon digitalinvestigator.blogspot.com/2023/09/linux-…

mRr3b00t (@uk_daniel_card)

some WMI Fun!
Get-WmiObject -Query "SELECT * FROM Win32_NetworkAdapterConfiguration"
Get-WmiObject -Query "SELECT * FROM Win32_NTEventlogFile"
Get-WmiObject -Query "SELECT * FROM Win32_PnPEntity"
Get-WmiObject -Query "SELECT * FROM Win32_PnPDevice"
Get-WmiObject -Query "SELECT *

mRr3b00t (@uk_daniel_card)

if you wanted to write some logic for sandbox detection... check if the disk is encrypted... But you need LOCAL ADMIN to check this namespace Dan!
Get-WmiObject -namespace "Root\cimv2\security\MicrosoftVolumeEncryption" -ClassName "Win32_Encryptablevolume" -filter

Joseph Moronwi (@joseffmoronwi)

In this article, I examined an HDFS cluster breach case provided by Ali Hadi | B!n@ry using Tsurugi Linux, the sharpest weapon in your DFIR arsenal. digitalinvestigator.blogspot.com/2023/09/linux-…

Ali Hadi | B!n@ry (@binaryz0ne)

Tomorrow will be my first Linux Forensics training for Cyber 5W... The folks who registered are in for a good treat, not just in terms of content, but many other advantages! Thank you so much for registering and see you tomorrow! #DFIR #Linux

NSA Cyber (@nsacyber)

ELITEWOLF is on the hunt! NSA released a repository of signatures and analytics to secure Operational Technology. Check it out on GitHub: github.com/nsacyber/elite…

Joseph Moronwi (@joseffmoronwi)

PowerShell commands for penetration testing. No modules, just plain Windows PowerShell digitalinvestigator.blogspot.com/2024/01/powers…

Ali Hadi | B!n@ry (@binaryz0ne)

One of the most important skills in #DFIR is using a hex-editor. Therefore, I created a 40+ video series on how to use 010-editor, which is probably the best Hex Editor out there! youtube.com/playlist?list=…

Joseph Moronwi (@joseffmoronwi)

Decoding Antivirus Malware Detection Names for Incident Responders and Malware Analysts: All you need to know digitalinvestigator.blogspot.com/2024/11/decodi…

Joseph Moronwi (@joseffmoronwi)

Dive into this post for a comprehensive guide to Linux log forensics. Perfect for investigators, sysadmins, and tech enthusiasts! 🛡️ Read it here: digitalinvestigator.blogspot.com/2024/11/analyz… Linux forensic image provided by Ali Hadi | B!n@ry, and forensic tool is Tsurugi Linux.

Joseph Moronwi (@joseffmoronwi)

This article covers, in succinct detail, the hunting of adversary tradecraft with Windows event logs digitalinvestigator.blogspot.com/2025/03/uncove…

Joseph Moronwi (@joseffmoronwi)

This long, but highly informative, read discusses in great detail how to analyze a Windows Shell Link file. It does not discuss any tool usage but pure hexadecimal analysis to enlighten the DFIR examiner. digitalinvestigator.blogspot.com/2025/04/window…