Useful Resources DFIR

Mostly blog and some youtube channel that I found on the internet

Websites/Blogs

Blogs

• https://docs.google.com/presentation/d/1N7RJ3yCJEJ0xfU12KFQW9I-c8Hu65QHgKgETVVTfY98/edit#slide=id.p (Slide about DFIR using vol 2)

• https://www.tophertimzen.com/resources/cs407/slides/week02_02-Processes.html#slide1 (handles, processes, and tokens)

• https://rstforums.com/forum/topic/85091-know-your-windows-processes-or-die-trying/ (Cheatsheet about Windows Processes)

• https://www.aldeid.com/wiki/LIST_ENTRY (unlink a LIST_ENTRY from ActiveProcessLinks List)

• https://www.aldeid.com/wiki/Main_Page (Good blog about security)

• https://eforensicsmag.com/windows-process-internals-a-few-concepts-to-know-before-jumping-on-memory-forensics-by-kirtar-oza/ (Volshell and ActiveProcessLinks List)

• https://forensic4cast.com/ (Good blog to follow)

• https://digiforensics.blogspot.com/ (Just more good blog to follow)

• https://laskowski-tech.com/2019/02/18/volatility-workflow-for-basic-incident-response/ (Workflow)

• http://windowsir.blogspot.com/ (Windows Digital Forensic)

• https://aboutdfir.com/ (THE BEST DFIR Blog)

• https://www.appliedincidentresponse.com/resources/ (Excellent resources)

• https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ (command and cheat sheet for AD)

• https://chocolatecoat4n6.com/2022/10/27/investigation-framework-1-scoping/ (DFIR Process - Guru stuff)

DFIR Challenge Site

• https://www.honeynet.org/category/challenge/ (Network Forensic)

• https://downloads.digitalcorpora.org/corpora/scenarios/magnet/

Tools

• https://winprocs.dfir.tips/ (Windows Processes Search)

• https://www.file.net/ (MS File Definition Search)

• https://www.jaiminton.com/cheatsheet/DFIR/# (Cheat Sheet)

• https://github.com/Velocidex/WinPmem (Memory Acquisition)

Youtube

Check these tags on Twitter for more scenarios

#InvestigationPath