{"id":31826,"date":"2024-01-25T03:57:55","date_gmt":"2024-01-25T03:57:55","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=31826"},"modified":"2024-01-25T03:57:58","modified_gmt":"2024-01-25T03:57:58","slug":"dfir","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/dfir\/","title":{"rendered":"Microsoft Defender For Endpoint Curated List Of Resources For DFIR &#8211; Microsoft Defender For Endpoint Guide"},"content":{"rendered":"\n<p>Hey, thank you for stopping by! Being here means that you are either already familiar with the discipline of Digital Forensics and Incident Response (DFIR) or interested in starting to explore DFIR tools and techniques.<\/p>\n\n\n\n<p>The common denominator, wherever you stand with DFIR, is that you are using Microsoft Defender for Endpoint (MDE) and the wider Microsoft Azure and Microsoft 365 Defender environments.<\/p>\n\n\n\n<p>I hope you will enjoy the following resources, which come from my notes and from related research and testing I have done.<\/p>\n\n\n\n<p>Do you have any other resources that fit here? 
Drop me a line through any of my channels&nbsp;<a href=\"https:\/\/www.michalos.net\/about\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">here<\/a>, or fork <a href=\"https:\/\/github.com\/cyb3rmik3\/MDE-DFIR-Resources\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the repo<\/a> and open a pull request for review.<\/p>\n\n\n\n<p>If you find this repo useful, don&#8217;t forget to star it!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Table Of Contents<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Mitigate threats using Microsoft Defender for Endpoint<\/li>\n\n\n\n<li>Remote collection of Windows Forensic Artifacts using KAPE and MDE<\/li>\n\n\n\n<li>@BertJanCyber Incident Response guide<\/li>\n\n\n\n<li>THOR-Cloud forensic scanning through MDE<\/li>\n\n\n\n<li>HUNTERS Human-Friendly Guide for Incident Response &amp; Threat Hunting<\/li>\n\n\n\n<li>Microsoft Defender For Endpoint Live Response Script Sources<\/li>\n\n\n\n<li>Ginsu: A tool for repackaging large collections to traverse Windows Defender Live Response<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Mitigate Threats Using Microsoft Defender For Endpoint<\/strong><\/h2>\n\n\n\n<p>What better way to begin the resource list than with Microsoft Learn itself? 
MDE provides capabilities such as artifact collection, device containment, live response and advanced hunting that help analysts and investigators unravel alerts and incidents.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/training\/paths\/sc-200-mitigate-threats-using-microsoft-defender-for-endpoint\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mitigate threats using Microsoft Defender for Endpoint<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Remote Collection Of Windows Forensic Artifacts Using KAPE And MDE<\/strong><\/h2>\n\n\n\n<p>KAPE (Kroll Artifact Parser and Extractor) is a DFIR tool by Eric Zimmerman that collects forensic artifacts from a live system (targets) and then processes the collected files (modules).<\/p>\n\n\n\n<p><a href=\"https:\/\/twitter.com\/DFIRanjith\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">@DFIRanjith<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/krzysztof-miodonski\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Krzysztof Miodo\u0144ski<\/a>&nbsp;have published guides on deploying KAPE through MDE live response to collect forensic artefacts remotely.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/medium.com\/@DFIRanjith\/remote-collection-of-windows-forensic-artifacts-using-kape-and-microsoft-defender-for-endpoint-f7d3a857e2e0\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Remote collection of Windows Forensic Artifacts using KAPE and MDE<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.linkedin.com\/pulse\/collaboration-between-kape-microsoft-defender-service-miodo%C5%84ski-ip2vf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Collaboration between KAPE and MDE at the service of the SOC<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>@BertJanCyber Incident Response Guide<\/strong><\/h2>\n\n\n\n<p>Bert-Jan (<a href=\"https:\/\/twitter.com\/BertJanCyber\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">@BertJanCyber<\/a>), a fellow community contributor, has written a detailed and comprehensive guide on putting the available Microsoft technologies, including KQL queries and Live Response, to work for DFIR.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/kqlquery.com\/posts\/kql-incident-response\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kqlquery.com\/posts\/kql-incident-response-everything-else\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Incident Response Part 2: What about the other logs?<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/kqlquery.com\/posts\/leveraging-live-response\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Incident Response Part 3: Leveraging Live Response<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>THOR-Cloud Forensic Scanning Through MDE<\/strong><\/h2>\n\n\n\n<p>THOR-Cloud runs live compromise assessment scans (YARA and Sigma rules plus IOC matching) on endpoints through MDE. 
THOR-Cloud Lite is also available with a free plan.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.youtube.com\/watch?v=ApeXFnFkKZg\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">THOR Cloud Lite Release Session<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.youtube.com\/watch?v=RubV7Cr1_FA\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">THOR Cloud Lite &#8211; Microsoft Defender ATP Integration<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>HUNTERS Human-Friendly Guide For Incident Response And Threat Hunting<\/strong><\/h2>\n\n\n\n<p>HUNTERS, a SOC platform built on SIEM capabilities, publishes highly technical blog posts on Microsoft security.<\/p>\n\n\n\n<p>They have started a series of posts on IR and threat hunting that go deep into the platform, the different log sources, user permissions and so on.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.hunters.security\/en\/blog\/human-friendly-guide-incident-response-microsoft-and-threat-hunting-azure-1?s=03\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">The Human-Friendly Guide: Incident Response &amp; Threat Hunting in Microsoft Azure, Part 1<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Microsoft Defender For Endpoint Live Response Script Sources<\/strong><\/h2>\n\n\n\n<p>Repositories hosting PowerShell script samples for Live Response that you can use in your Microsoft Defender for Endpoint environment.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/Bert-JanP\/Incident-Response-Powershell\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Powershell Digital 
Forensics &amp; Incident Response (DFIR)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/YongRhee-MDE\/LiveResponse\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Microsoft Defender Advanced Threat Protection LiveResponse<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Ginsu: A Tool For Repackaging Large Collections To Traverse Windows Defender Live Response<\/strong><\/h2>\n\n\n\n<p>This script uses 7-Zip (7za.exe) to compress a specified folder and then splits the resulting archive into volumes of 3 GB or less.<\/p>\n\n\n\n<p>It works with (and was designed for) collections larger than 3 GB, because Windows Defender Live Response currently only supports pulling back files of 3 GB or less via the console (getfile).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/bakerstreetforensics.com\/2023\/11\/16\/ginsu-a-tool-for-repackaging-large-collections-to-traverse-windows-defender-live-response\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Ginsu: A tool for repackaging large collections to traverse Windows Defender Live Response<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/dwmetz\/Ginsu\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Ginsu GitHub repo<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Hey, thank you for stopping by! Well, being here means that you are either familiar with the discipline of Digital Forensics and Incident Response (DFIR) or you are interested in beginning to explore DFIR tools and techniques. 
The common denominator, no matter what your sense is around DFIR, is that you are using Microsoft Defender for [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":31834,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[20],"tags":[737,826,6321,6052,6325],"class_list":["post-31826","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-dfir","tag-informationsecurity","tag-kalilinux","tag-kalilinuxtools"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DFIR<\/title>\n<meta name=\"description\" content=\"Hey, thank you stopping by! Well, being here means that you are either familiar with the discipline of Digital Forensics and Incident\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/dfir\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DFIR\" \/>\n<meta property=\"og:description\" content=\"Hey, thank you stopping by! 
Well, being here means that you are either familiar with the discipline of Digital Forensics and Incident\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/dfir\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-25T03:57:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-25T03:57:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\" \/>\n<meta name=\"author\" content=\"Varshini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Varshini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/\"},\"author\":{\"name\":\"Varshini\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\"},\"headline\":\"Microsoft Defender For Endpoint Curated List Of Resources For DFIR &#8211; Microsoft Defender For Endpoint Guide\",\"datePublished\":\"2024-01-25T03:57:55+00:00\",\"dateModified\":\"2024-01-25T03:57:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/\"},\"wordCount\":622,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\",\"keywords\":[\"cybersecurity\",\"DFIR\",\"informationsecurity\",\"kalilinux\",\"kalilinuxtools\"],\"articleSection\":[\"Cyber 
security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/dfir\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/dfir\/\",\"name\":\"DFIR\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\",\"datePublished\":\"2024-01-25T03:57:55+00:00\",\"dateModified\":\"2024-01-25T03:57:58+00:00\",\"description\":\"Hey, thank you stopping by! 
Well, being here means that you are either familiar with the discipline of Digital Forensics and Incident\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/dfir\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/dfir\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhqhBnXl6J6VC6Qb1pTHtku36GBiG7jbq-ENin3Rglhge1J7SjvGaQt1PtJT1nLEggUCWnbuVm1sS06ihpod94FLA8il8JRWHk1PPzuMNyl4MSWec8UiuKlwY6Uv3vjd4M3kYHmBQFF5R-jBloFiu6kaB3BPzbRevxC3IE0qX5gC-gMKBUY6ZyI2LXC4xRq\/s16000\/Untitled%20design%20(13).webp\",\"width\":\"1600\",\"height\":\"900\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux 
Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/3c3b3f82a74146532c4def299fe069fa\",\"name\":\"Varshini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f19f43637c0f83fb3dcfb498f306b2a9ac0025ce85840ab52ee8c01f5361f269?s=96&d=mm&r=g\",\"caption\":\"Varshini\"},\"description\":\"Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.\",\"sameAs\":[\"http:\/\/kalilinuxtutorials.com\",\"https:\/\/www.linkedin.com\/in\/senthamil-selvan-14043a285\/\"],\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/vinayakagrawal\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}
Investigations.' In the ever-evolving landscape of cyber threats, business email compromise (BEC) remains a persistent and costly threat. This article explores Awesome-BEC, a curated repository of invaluable attack and defensive information, tools, and research dedicated to combating BEC attacks. Discover the wealth of\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFs0qjA7Sg-PMvScoWTDuAWmHL_hlhRggQ1Szz4rKosfuyAM-Ns00EPf1FOFpx20fXS8nx7j5Y2tcw7PqZPOpdcx4oxB9F2JG5Ca1AWS9kA2sgmm6hC8qZs10ZnP0tRUeef65aO-LtngTWgPpj8WIDqG8GZZlBC4C3Hn3sz_SfZuHdJbxjpUX7yjDbmA\/s16000\/BEC.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFs0qjA7Sg-PMvScoWTDuAWmHL_hlhRggQ1Szz4rKosfuyAM-Ns00EPf1FOFpx20fXS8nx7j5Y2tcw7PqZPOpdcx4oxB9F2JG5Ca1AWS9kA2sgmm6hC8qZs10ZnP0tRUeef65aO-LtngTWgPpj8WIDqG8GZZlBC4C3Hn3sz_SfZuHdJbxjpUX7yjDbmA\/s16000\/BEC.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFs0qjA7Sg-PMvScoWTDuAWmHL_hlhRggQ1Szz4rKosfuyAM-Ns00EPf1FOFpx20fXS8nx7j5Y2tcw7PqZPOpdcx4oxB9F2JG5Ca1AWS9kA2sgmm6hC8qZs10ZnP0tRUeef65aO-LtngTWgPpj8WIDqG8GZZlBC4C3Hn3sz_SfZuHdJbxjpUX7yjDbmA\/s16000\/BEC.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhFs0qjA7Sg-PMvScoWTDuAWmHL_hlhRggQ1Szz4rKosfuyAM-Ns00EPf1FOFpx20fXS8nx7j5Y2tcw7PqZPOpdcx4oxB9F2JG5Ca1AWS9kA2sgmm6hC8qZs10ZnP0tRUeef65aO-LtngTWgPpj8WIDqG8GZZlBC4C3Hn3sz_SfZuHdJbxjpUX7yjDbmA\/s16000\/BEC.webp?resize=700%2C400&ssl=1 
2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=31826"}],"version-history":[{"count":3,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31826\/revisions"}],"predecessor-version":[{"id":31833,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/31826\/revisions\/31833"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/31834"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=31826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=31826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=31826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}