Pinned
One artifact rarely tells the full story.
Jump Lists. LNK files. Prefetch.
Each captures different activity on a Windows system.
The challenge is connecting them.
๐ Quick reference in the playbook
๐ go.sans.org/RKG6xY
00:00
SANS DFIR
33.2K posts
SANS DFIR
@sansforensics
The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.
Joined February 2009
- JUST RELEASED at the #DFIRSummit the #macOS & #iOSForensicAnalysis poster This poster features "Evidence of..." categories that provide key macOS and iOS operating system artifacts that are relevant to digital investigations DOWNLOAD HERE: sans.org/u/1rPB
- ๐ฅ In case you missed it...the NEW #CTI Cheat Sheet is now available! Packed w/ frameworks, methodologies, & tips, this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis. ๐ฅ Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
- ๐จ THIS JUST IN: The ultimate #Linux guide is here! Created by @4enzikat0r & @tazwake this must-have forensic poster is your go-to resource for detecting rootkits, tracking attacker persistence, & analyzing timestamps. ๐ Get your FREE copy! buff.ly/pl8eiHo #DFIR
- How many of the ever-so-popular SANS #DFIR posters do you have? Check them all out and download for free: sans.org/u/12CH
- Congratulations to our #FOR526 co-author and instructor of many @SANSInstitute courses @MalwareJake on his promotion to Senior Instructor!
- ๐ The Linux #IncidentResponse & #ThreatHunting Poster by @4enzikat0r & @tazwake is your forensic roadmap, helping you analyze timestamps, track persistence mechanisms, & uncover hidden malware. ๐ฅ Download your FREE copy!: sans.org/u/1Avg #DFIR #Linux
- ๐ The Linux #IncidentResponse & #ThreatHunting Poster by @4enzikat0r & @tazwake is your forensic roadmap, helping you analyze timestamps, track persistence mechanisms, & uncover hidden malware. ๐ฅ Download your FREE copy!: sans.org/u/1Avg #DFIR #Linux
- ๐ง Forensic analysts, meet your new best friend: the SIFT Cheat Sheet by instructor Marcus Guevara covering mounting evidence, data recovery, and more with the @SANSInstitute #SIFT Workstation. Download now! sans.org/u/1xIB #DigitalForensics #CyberSecurity #DFIR
- This Valentine's Day @SANSInstitute is spreading the love by releasing the @EricZimmerman's Command Line Poster. The EZ tools provide scriptable, scalable, & repeatable results with astonishing speed and accuracy. This poster will show you how to use them. Get yours Feb 14th
- ๐ฅ The NEW #CTI Cheat Sheet by @likethecoins & Rebekah Brown is now available! Packed w/ frameworks & methodologies this guide simplifies threat modeling, tackles cognitive biases, & sharpens your analysis. ๐ฅ Download your FREE copy: sans.org/u/1zTr #ThreatIntel #DFIR
- JSON and jq Quick Start Guide Created by @PhilHagen and @DavidSzili, our new cheat sheet covers the basics of #JSON and some of the fundamentals of the jq utility, as a supplement to #FOR572. Download now: digital-forensics.sans.org/u/1cj6
- #Austin attendees! Don't forget to get your printed #HuntEvil, #WindowsForensics, #NetworkForensics, #MobileForensics & the BRAND NEW #CloudForensics posters across the main auditorium #DFIRSummit #dfir
- The #WindowsForensicAnalysis poster has been revised to support modern Windows investigations! Use it as a cheat sheet of WinXP - Windows 11 operating system artifacts & a means to discover important artifacts. Download now! ๐sans.org/u/1nNm @chadtilbury @4enzikat0r
