DFIR Diva
@dfirdiva.bsky.social
DFIR Analyst
Blog: https://dfirdiva.com/
Free & Affordable Training (DFIR, OSINT, Cybersecurity): https://training.dfirdiva.com/
Community Events: https://events.dfirdiva.com/
Curated List of Discounts: https://training.dfirdiva.com/current-discounts
Hack The Box is hosting their first all Blue CTF next month!
Dates: September 22nd - 26th
Form a team and compete for prizes 🏆
Challenges Include:
- DFIR
- SOC
- Malware Reversing
- Threat Intelligence
Link: ctf.hackthebox.com/event/detail...
August 10, 2025 at 1:42 AM
Reposted by DFIR Diva
I recorded a brief video, walking through some of the different functions in MalChela in the new GUI, stepping through basic static analysis to yara rule writing - all in minutes.
youtu.be/hI1EqojI1DA
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: github.com/dwmetz/MalCh...
MalChela GUI Walk through
YouTube video by Doug Metz
youtu.be
April 28, 2025 at 2:08 PM
Reposted by DFIR Diva
This is an interesting write up on a slightly different #Docker #container #malware attack from the Cado Security and Darktrace teams.
🔗 www.darktrace.com/blog/obfusca...
April 28, 2025 at 10:46 AM
Reposted by DFIR Diva
Interested in learning about #DFIR and don't know where to start? Then we highly recommend you check out our full "C5W-100 - Introduction to Digital Forensics" course. It is completely FREE and it should help you get started. #infosec #cybersecurity
academy.cyber5w.com/courses/C5W-...
C5W-100 INTRODUCTION TO DIGITAL FORENSICS
academy.cyber5w.com
April 4, 2025 at 6:46 PM
Reposted by DFIR Diva
🐍 SLEUTHCON is coming! 🐍
Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.
www.sleuthcon.com
1/x
March 18, 2025 at 6:33 PM
Reposted by DFIR Diva
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 Released!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
dfir.blog
March 11, 2025 at 5:08 PM
Reposted by DFIR Diva
New Autopsy release is out! 🎉
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
Autopsy - Autopsy 4.22.0: BitLocker Support, Cyber Triage Sidecar, Library Updates
Autopsy 4.22.0 includes BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries.
www.autopsy.com
March 11, 2025 at 8:36 PM
New Blog Post! Free & Affordable Training News Monthly: Feb - Mar 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from February 2025
- Upcoming events for March 2025
Link: dfirdiva.com/free-afforda...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
Free & Affordable Training News Monthly: Feb - Mar 2025
Newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, tools, and books from February 2025. Upcoming events for March.
dfirdiva.com
March 10, 2025 at 5:55 AM
I noticed the DFIR & Blue Team Certifications + Training for under $1,000 section had a lot of broken links. They've been fixed 🙂
training.dfirdiva.com/listing-cate...
#DFIR
DFIR & Blue Team Certifications + Training Under $1,000 - Free & Affordable DFIR, OSINT, & Cybersecurity Training
Digital Forensics & Incident Response (DFIR) and Blue Team Certifications with Training Included Under $1,000
training.dfirdiva.com
March 9, 2025 at 2:11 AM
Reposted by DFIR Diva
Missed the @magnetforensics.bsky.social Virtual Summit #CTF but want the images for testing and learning? We have already shared them with @nist.bsky.social CFReDS cfreds.nist.gov/all/Hexordia...
CFReDS Portal
cfreds.nist.gov
February 18, 2025 at 3:46 PM
Reposted by DFIR Diva
February 17, 2025 at 2:25 PM
Ultimate Cybersecurity Career Humble Bundle!
Includes:
- Incident Response for Windows
- The OSINT Handbook
- Effective Threat Investigation for SOC Analysts
and more!
Link: humblebundleinc.sjv.io/kOaeod
(Partner Link)
#DFIR #IncidentResponse #MalwareAnalysis #Cybersecurity #OSINT
Humble Tech Book Bundle: Ultimate Cybersecurity Career by Packt
Jump-start your exciting new cybersecurity career with this outstanding library of tech courses. Pay what you want & support World Central Kitchen!
humblebundleinc.sjv.io
February 8, 2025 at 11:00 PM
DFIR Giveaway! You could win:
✅A FREE @detegoglobal.bsky.social Digital Forensics & Cyber Crime Investigations course worth $399 each
✅Detego merch pack
✅‘Force of Justus’ crime novel
Enter here: detegoglobal.com/dfirdiva
THREE winners will be announced March 10th, 2025!
#DFIR
February 8, 2025 at 1:53 AM
Free & Affordable Training News Monthly: Dec 2024 - Feb 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025
- Upcoming CTFs and training for February, 2025
Link: dfirdiva.com/free-amp-aff...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
February 3, 2025 at 9:33 AM
The winner of the @13cubed.bsky.social XPlat Bundle is @dfirjw.bsky.social! Congrats!
January 13, 2025 at 12:17 AM
Happy New Year! I partnered with @13cubed.bsky.social for a giveaway of his XPlat training/certification Bundle!
To Enter: Like, Repost, and Leave a Comment
On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.
#DFIR #DigitalForensics #IncidentResponse
January 1, 2025 at 10:48 PM
Reposted by DFIR Diva
"Mastering Sysmon: Deploying, Configuring, and Fine-Tuning"
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.
dfirinsights.com/2024/11/27/m...
#infosec #blueteam
Mastering Sysmon free DFIR e-book release - DFIR Insights
Today is the day! I'm announcing the release of my guide: "Mastering Sysmon: Deploying, Configuring, and Fine-Tuning", a free mini eBook designed specifically for digital forensics and incident respon...
dfirinsights.com
December 16, 2024 at 11:18 AM
Reposted by DFIR Diva
I have 76 feeds in this list. Next week I will add more podcasts, but if I am missing important blogs (and I KNOW I am), give me a hand. Don't be shy - post your own blogs too. #OSINT
knowledgebase.plessas.net/OSINT-Feeds-...
December 12, 2024 at 2:43 PM
Reposted by DFIR Diva
Just a heads up. M$ is OCRing all your images in OneDrive for business in an unsecured database on your desktop/laptop. Happy Friday. #DFIR
December 6, 2024 at 9:39 PM
Reposted by DFIR Diva
We uploaded a new #OSINT challenge for you to try your hand at. Can you identify the Latitude and Longitude of where this photo was taken?
www.youtube.com/shorts/6iYuE...
#OSINT Challenge: Blue City Sign
YouTube video by OSINT Dojo
www.youtube.com
December 7, 2024 at 4:31 AM
Reposted by DFIR Diva
Great spreadsheet for #DFIR to know if something was executed - blog.1234n6.com/available-ar...
Available Artifacts - Indicators of Execution Updated
The "Indicators of Execution" spreadsheet I put together in 2018 has been somewhat neglected of late. So, with the release of Server 2025 I set about updating it to reflect the current state of Window...
blog.1234n6.com
December 5, 2024 at 7:14 AM
Reposted by DFIR Diva
Accelerated Rust Windows Memory Dump Analysis (ISBN-13: 978-1912636891) is now available in PDF format with and without recording and additional materials: www.patterndiagnostics.com/accelerated-...
December 5, 2024 at 8:29 AM
Reposted by DFIR Diva
Want to take part in the Magnet Virtual Summit #CaptureTheFlag competition? Let @b1n2h3x.bsky.social share some helpful info, including what's new (like the ability to play in teams), how to take part, and where to get some tips & tricks: ow.ly/mHW350UkTXe #MVS2025 #CTF #DFIR
Magnet Virtual Summit 2025 Capture the Flag - Magnet Forensics
Join the MVS Capture The Flag for a gamified digital forensics challenge! Compete solo or in a team, win prizes.
ow.ly
December 4, 2024 at 3:37 PM