DFIR Diva
@dfirdiva.bsky.social
DFIR Analyst
Blog: https://dfirdiva.com/
Free & Affordable Training (DFIR, OSINT, Cybersecurity): https://training.dfirdiva.com/
Community Events: https://events.dfirdiva.com/
Curated List of Discounts: https://training.dfirdiva.com/current-discounts
Blog: https://dfirdiva.com/
Free & Affordable Training (DFIR, OSINT, Cybersecurity): https://training.dfirdiva.com/
Community Events: https://events.dfirdiva.com/
Curated List of Discounts: https://training.dfirdiva.com/current-discounts
On Valentine's Day (February 14th, 2026) entries from across three social media platforms will be combined and winners will be selected.
For more info check out:
13Cubed Courses: training.13cubed.com
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
For more info check out:
13Cubed Courses: training.13cubed.com
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
13Cubed
High quality, online, on-demand, and affordable digital forensics training courses from 13Cubed
training.13cubed.com
February 7, 2026 at 11:04 PM
On Valentine's Day (February 14th, 2026) entries from across three social media platforms will be combined and winners will be selected.
For more info check out:
13Cubed Courses: training.13cubed.com
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
For more info check out:
13Cubed Courses: training.13cubed.com
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
Courses to Choose From:
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating macOS Endpoints
- Investigating Linux Devices
To Enter:
✅ Like
✅ Comment with the name of the course you want to win
✅ Repost
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating macOS Endpoints
- Investigating Linux Devices
To Enter:
✅ Like
✅ Comment with the name of the course you want to win
✅ Repost
February 7, 2026 at 11:04 PM
Courses to Choose From:
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating macOS Endpoints
- Investigating Linux Devices
To Enter:
✅ Like
✅ Comment with the name of the course you want to win
✅ Repost
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating macOS Endpoints
- Investigating Linux Devices
To Enter:
✅ Like
✅ Comment with the name of the course you want to win
✅ Repost
📣 I partnered with @13cubed.bsky.social for a Valentine's Day Giveaway! 🎁
🏆1 Grand Prize winner will receive one course of their choice from the list below + a 13Cubed Investigator T-Shirt.
👕5 winners will receive a 13Cubed Investigator T-Shirt.
🏆1 Grand Prize winner will receive one course of their choice from the list below + a 13Cubed Investigator T-Shirt.
👕5 winners will receive a 13Cubed Investigator T-Shirt.
February 7, 2026 at 11:04 PM
📣 I partnered with @13cubed.bsky.social for a Valentine's Day Giveaway! 🎁
🏆1 Grand Prize winner will receive one course of their choice from the list below + a 13Cubed Investigator T-Shirt.
👕5 winners will receive a 13Cubed Investigator T-Shirt.
🏆1 Grand Prize winner will receive one course of their choice from the list below + a 13Cubed Investigator T-Shirt.
👕5 winners will receive a 13Cubed Investigator T-Shirt.
Congrats to the @13cubed.bsky.social giveaway winners!
December 8, 2025 at 3:25 AM
Congrats to the @13cubed.bsky.social giveaway winners!
On December 7th, entries from across three social media platforms will be combined and winners will be selected.
For more info check out:
XPlat Bundle Complete: training.13cubed.com/xplat-bundle...
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
For more info check out:
XPlat Bundle Complete: training.13cubed.com/xplat-bundle...
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
XPlat Bundle Complete
Master cross-platform forensics with our most comprehensive bundle. Enjoy 365-day access to Investigating Windows Endpoints, Investigating Windows Memory, Investigating Linux Devices, and Investigatin...
training.13cubed.com
December 1, 2025 at 8:06 PM
On December 7th, entries from across three social media platforms will be combined and winners will be selected.
For more info check out:
XPlat Bundle Complete: training.13cubed.com/xplat-bundle...
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
For more info check out:
XPlat Bundle Complete: training.13cubed.com/xplat-bundle...
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com
📢 I partnered with @13cubed.bsky.social for another giveaway! 🎁
🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete
👕 5 winners will receive 13Cubed Investigator T-Shirts
To Enter: Like, Comment, and Repost
#DFIR #DigitalForensics #IncidentResponse
🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete
👕 5 winners will receive 13Cubed Investigator T-Shirts
To Enter: Like, Comment, and Repost
#DFIR #DigitalForensics #IncidentResponse
December 1, 2025 at 8:06 PM
📢 I partnered with @13cubed.bsky.social for another giveaway! 🎁
🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete
👕 5 winners will receive 13Cubed Investigator T-Shirts
To Enter: Like, Comment, and Repost
#DFIR #DigitalForensics #IncidentResponse
🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete
👕 5 winners will receive 13Cubed Investigator T-Shirts
To Enter: Like, Comment, and Repost
#DFIR #DigitalForensics #IncidentResponse
Hack The Box is hosting their first all Blue CTF next month!
Dates: September 22nd - 26th
Form a team and compete for prizes 🏆
Challenges Include:
- DFIR
- SOC
- Malware Reversing
- Threat Intelligence
Link: ctf.hackthebox.com/event/detail...
Dates: September 22nd - 26th
Form a team and compete for prizes 🏆
Challenges Include:
- DFIR
- SOC
- Malware Reversing
- Threat Intelligence
Link: ctf.hackthebox.com/event/detail...
August 10, 2025 at 1:42 AM
Hack The Box is hosting their first all Blue CTF next month!
Dates: September 22nd - 26th
Form a team and compete for prizes 🏆
Challenges Include:
- DFIR
- SOC
- Malware Reversing
- Threat Intelligence
Link: ctf.hackthebox.com/event/detail...
Dates: September 22nd - 26th
Form a team and compete for prizes 🏆
Challenges Include:
- DFIR
- SOC
- Malware Reversing
- Threat Intelligence
Link: ctf.hackthebox.com/event/detail...
Reposted by DFIR Diva
I recorded a brief video, walking through some of the different functions in MalChela in the new GUI, stepping through basic static analysis to yara rule writing - all in minutes.
youtu.be/hI1EqojI1DA
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: github.com/dwmetz/MalCh...
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: github.com/dwmetz/MalCh...
MalChela GUI Walk through
YouTube video by Doug Metz
youtu.be
April 28, 2025 at 2:08 PM
I recorded a brief video, walking through some of the different functions in MalChela in the new GUI, stepping through basic static analysis to yara rule writing - all in minutes.
youtu.be/hI1EqojI1DA
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: github.com/dwmetz/MalCh...
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: github.com/dwmetz/MalCh...
Reposted by DFIR Diva
This is an interesting write up on a slightly different #Docker #container #malware attack from the Cado Security and Darktrace teams.
🔗 www.darktrace.com/blog/obfusca...
🔗 www.darktrace.com/blog/obfusca...
April 28, 2025 at 10:46 AM
This is an interesting write up on a slightly different #Docker #container #malware attack from the Cado Security and Darktrace teams.
🔗 www.darktrace.com/blog/obfusca...
🔗 www.darktrace.com/blog/obfusca...
Reposted by DFIR Diva
Interested in learning about #DFIR and don't know where to start? Then we highly recommend you check out our full "C5W-100 - Introduction to Digital Forensics" course. It is completely FREE and it should help you get started. #infosec #cybersecurity
academy.cyber5w.com/courses/C5W-...
academy.cyber5w.com/courses/C5W-...
C5W-100 INTRODUCTION TO DIGITAL FORENSICS
academy.cyber5w.com
April 4, 2025 at 6:46 PM
Interested in learning about #DFIR and don't know where to start? Then we highly recommend you check out our full "C5W-100 - Introduction to Digital Forensics" course. It is completely FREE and it should help you get started. #infosec #cybersecurity
academy.cyber5w.com/courses/C5W-...
academy.cyber5w.com/courses/C5W-...
Reposted by DFIR Diva
🐍 SLEUTHCON is coming! 🐍
Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.
www.sleuthcon.com
1/x
Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.
www.sleuthcon.com
1/x
March 18, 2025 at 6:33 PM
🐍 SLEUTHCON is coming! 🐍
Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.
www.sleuthcon.com
1/x
Registration and CFP are now open for this year’s SLEUTHCON—happening June 6th, both in-person in Arlington, VA, and virtually.
www.sleuthcon.com
1/x
Reposted by DFIR Diva
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 Released!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
dfir.blog
March 11, 2025 at 5:08 PM
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
🌐 Blog: dfir.blog/hindsight-pa...
🛠️ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
Reposted by DFIR Diva
New Autopsy release is out! 🎉
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
Autopsy - Autopsy 4.22.0: BitLocker Support, Cyber Triage Sidecar, Library Updates
Autopsy 4.22.0 includes BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries.
www.autopsy.com
March 11, 2025 at 8:36 PM
New Autopsy release is out! 🎉
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
New Blog Post! Free & Affordable Training News Monthly: Feb - Mar 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from February 2025
- Upcoming events for March 2025
Link: dfirdiva.com/free-afforda...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from February 2025
- Upcoming events for March 2025
Link: dfirdiva.com/free-afforda...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
Free & Affordable Training News Monthly: Feb - Mar 2025
Newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training, tools, and books from February 2025. Upcoming events for March.
dfirdiva.com
March 10, 2025 at 5:55 AM
New Blog Post! Free & Affordable Training News Monthly: Feb - Mar 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from February 2025
- Upcoming events for March 2025
Link: dfirdiva.com/free-afforda...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from February 2025
- Upcoming events for March 2025
Link: dfirdiva.com/free-afforda...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
I noticed the DFIR & Blue Team Certifications + Training for under $1,000 section had a lot of broken links. They've been fixed 🙂
training.dfirdiva.com/listing-cate...
#DFIR
training.dfirdiva.com/listing-cate...
#DFIR
DFIR & Blue Team Certifications + Training Under $1,000 - Free & Affordable DFIR, OSINT, & Cybersecurity Training
Digital Forensics & Incident Response (DFIR) and Blue Team Certifications with Training Included Under $1,000
training.dfirdiva.com
March 9, 2025 at 2:11 AM
I noticed the DFIR & Blue Team Certifications + Training for under $1,000 section had a lot of broken links. They've been fixed 🙂
training.dfirdiva.com/listing-cate...
#DFIR
training.dfirdiva.com/listing-cate...
#DFIR
Reposted by DFIR Diva
Missed the @magnetforensics.bsky.social Virtual Summit #CTF but want the images for testing and learning? We have already shared them with @nist.bsky.social CFReDS cfreds.nist.gov/all/Hexordia...
CFReDS Portal
cfreds.nist.gov
February 18, 2025 at 3:46 PM
Missed the @magnetforensics.bsky.social Virtual Summit #CTF but want the images for testing and learning? We have already shared them with @nist.bsky.social CFReDS cfreds.nist.gov/all/Hexordia...
Reposted by DFIR Diva
February 17, 2025 at 2:25 PM
Ultimate Cybersecurity Career Humble Bundle!
Includes:
- Incident Response for Windows
- The OSINT Handbook
- Effective Threat Investigation for SOC Analysts
and more!
Link: humblebundleinc.sjv.io/kOaeod
(Partner Link)
#DFIR #IncidentResponse #MalwareAnalysis #Cybersecurity #OSINT
Includes:
- Incident Response for Windows
- The OSINT Handbook
- Effective Threat Investigation for SOC Analysts
and more!
Link: humblebundleinc.sjv.io/kOaeod
(Partner Link)
#DFIR #IncidentResponse #MalwareAnalysis #Cybersecurity #OSINT
Humble Tech Book Bundle: Ultimate Cybersecurity Career by Packt
Jump-start your exciting new cybersecurity career with this outstanding library of tech courses. Pay what you want & support World Central Kitchen!
humblebundleinc.sjv.io
February 8, 2025 at 11:00 PM
Ultimate Cybersecurity Career Humble Bundle!
Includes:
- Incident Response for Windows
- The OSINT Handbook
- Effective Threat Investigation for SOC Analysts
and more!
Link: humblebundleinc.sjv.io/kOaeod
(Partner Link)
#DFIR #IncidentResponse #MalwareAnalysis #Cybersecurity #OSINT
Includes:
- Incident Response for Windows
- The OSINT Handbook
- Effective Threat Investigation for SOC Analysts
and more!
Link: humblebundleinc.sjv.io/kOaeod
(Partner Link)
#DFIR #IncidentResponse #MalwareAnalysis #Cybersecurity #OSINT
DFIR Giveaway! You could win:
✅A FREE @detegoglobal.bsky.social Digital Forensics & Cyber Crime Investigations course worth $399 each
✅Detego merch pack
✅‘Force of Justus’ crime novel
Enter here: detegoglobal.com/dfirdiva
THREE winners will be announced March 10th, 2025!
#DFIR
✅A FREE @detegoglobal.bsky.social Digital Forensics & Cyber Crime Investigations course worth $399 each
✅Detego merch pack
✅‘Force of Justus’ crime novel
Enter here: detegoglobal.com/dfirdiva
THREE winners will be announced March 10th, 2025!
#DFIR
February 8, 2025 at 1:53 AM
DFIR Giveaway! You could win:
✅A FREE @detegoglobal.bsky.social Digital Forensics & Cyber Crime Investigations course worth $399 each
✅Detego merch pack
✅‘Force of Justus’ crime novel
Enter here: detegoglobal.com/dfirdiva
THREE winners will be announced March 10th, 2025!
#DFIR
✅A FREE @detegoglobal.bsky.social Digital Forensics & Cyber Crime Investigations course worth $399 each
✅Detego merch pack
✅‘Force of Justus’ crime novel
Enter here: detegoglobal.com/dfirdiva
THREE winners will be announced March 10th, 2025!
#DFIR
Free & Affordable Training News Monthly: Dec 2024 - Feb 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025
- Upcoming CTFs and training for February, 2025
Link: dfirdiva.com/free-amp-aff...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025
- Upcoming CTFs and training for February, 2025
Link: dfirdiva.com/free-amp-aff...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
February 3, 2025 at 9:33 AM
Free & Affordable Training News Monthly: Dec 2024 - Feb 2025
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025
- Upcoming CTFs and training for February, 2025
Link: dfirdiva.com/free-amp-aff...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
- Newly released DFIR, OSINT, and Malware Analysis training, tools, and books from Dec 2024 & Jan 2025
- Upcoming CTFs and training for February, 2025
Link: dfirdiva.com/free-amp-aff...
#DFIR #IncidentResponse #MalwareAnalysis #OSINT
The winner of the @13cubed.bsky.social XPlat Bundle is @dfirjw.bsky.social! Congrats!
January 13, 2025 at 12:17 AM
The winner of the @13cubed.bsky.social XPlat Bundle is @dfirjw.bsky.social! Congrats!
The XPlat Bundle includes:
-Investigating Windows Endpoints
-Investigating Windows Memory
-Investigating Linux Devices
Learn more about it here: training.13cubed.com/xplat-bundle
-Investigating Windows Endpoints
-Investigating Windows Memory
-Investigating Linux Devices
Learn more about it here: training.13cubed.com/xplat-bundle
XPlat Bundle
Master XPlat (cross-platform) Windows and Linux forensic investigation with the ultimate bundle: 365-day access to Investigating Windows Endpoints, Investigating Windows Memory, and Investigating Linu...
training.13cubed.com
January 1, 2025 at 10:48 PM
The XPlat Bundle includes:
-Investigating Windows Endpoints
-Investigating Windows Memory
-Investigating Linux Devices
Learn more about it here: training.13cubed.com/xplat-bundle
-Investigating Windows Endpoints
-Investigating Windows Memory
-Investigating Linux Devices
Learn more about it here: training.13cubed.com/xplat-bundle
Happy New Year! I partnered with @13cubed.bsky.social for a giveaway of his XPlat training/certification Bundle!
To Enter: Like, Repost, and Leave a Comment
On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.
#DFIR #DigitalForensics #IncidentResponse
To Enter: Like, Repost, and Leave a Comment
On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.
#DFIR #DigitalForensics #IncidentResponse
January 1, 2025 at 10:48 PM
Happy New Year! I partnered with @13cubed.bsky.social for a giveaway of his XPlat training/certification Bundle!
To Enter: Like, Repost, and Leave a Comment
On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.
#DFIR #DigitalForensics #IncidentResponse
To Enter: Like, Repost, and Leave a Comment
On January 12th, 1 winner will be chosen from LinkedIn and 1 winner will be chosen from Bluesky.
#DFIR #DigitalForensics #IncidentResponse
Reposted by DFIR Diva
"Mastering Sysmon: Deploying, Configuring, and Fine-Tuning"
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.
dfirinsights.com/2024/11/27/m...
#infosec #blueteam
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.
dfirinsights.com/2024/11/27/m...
#infosec #blueteam
Mastering Sysmon free DFIR e-book release - DFIR Insights
Today is the day! I'm announcing the release of my guide: "Mastering Sysmon: Deploying, Configuring, and Fine-Tuning", a free mini eBook designed specifically for digital forensics and incident respon...
dfirinsights.com
December 16, 2024 at 11:18 AM
"Mastering Sysmon: Deploying, Configuring, and Fine-Tuning"
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.
dfirinsights.com/2024/11/27/m...
#infosec #blueteam
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.
dfirinsights.com/2024/11/27/m...
#infosec #blueteam