Useful Resources DFIR
Mostly blog and some youtube channel that I found on the internet
Blogs
https://docs.google.com/presentation/d/1N7RJ3yCJEJ0xfU12KFQW9I-c8Hu65QHgKgETVVTfY98/edit#slide=id.p (Slide about DFIR using vol 2)
https://www.tophertimzen.com/resources/cs407/slides/week02_02-Processes.html#slide1 (handles, processes, and tokens)
https://rstforums.com/forum/topic/85091-know-your-windows-processes-or-die-trying/ (Cheatsheet about Windows Processes)
https://www.aldeid.com/wiki/LIST_ENTRY (unlink a LIST_ENTRY from ActiveProcessLinks List)
https://www.aldeid.com/wiki/Main_Page (Good blog about security)
https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-by-kirtar-oza/ (Volshell and ActiveProcessLinks List)
https://forensic4cast.com/ (Good blog to follow)
https://digiforensics.blogspot.com/ (Just more good blog to follow)
http://windowsir.blogspot.com/ (Windows Digital Forensic)
https://aboutdfir.com/ (THE BEST DFIR Blog)
https://www.appliedincidentresponse.com/resources/ (Excellent resources)
https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ (command and cheat sheet for AD)
https://chocolatecoat4n6.com/2022/10/27/investigation-framework-1-scoping/ (DFIR Process - Guru stuff)
DFIR Challenge Site
https://www.honeynet.org/category/challenge/ (Network Forensic)
Tools
https://winprocs.dfir.tips/ (Windows Processes Search)
https://www.file.net/ (MS File Definition Search)
https://www.jaiminton.com/cheatsheet/DFIR/# (Cheat Sheet)
https://github.com/Velocidex/WinPmem (Memory Acquisition)
https://www.youtube.com/c/13cubed (explain very well about the forensic topic)
Check these tags on Twitter for more scenarios
Last updated