Overheard in the grocery store last night: "Why is beefstew not a good password?" Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..." Them: "It's not stroganoff"

Check out this cool new open-source Dark Web Monitoring AI Agent platform by AI Anytime - it looks like it will work with a local LLM too. I know what my next weekend project is going to be :) #AI #LocalLLMs #DFIR www.youtube.com/watch?v=9e24...

I'm a big believer in local LLMs for DFIR—privacy & security matter. In my keynote, "How to DFIR AI-ze Your Workflow," I demo how to use local LLMs with FOSS tools + share common pitfalls. 🎥 youtu.be/eG2wHGIPCaQ?... #DFIR #FOSS @sansinstitute.bsky.social

Check out this excellent blog post by Ryan Chapman from last month's Stay Ahead of Ransomware live stream. I was bummed I missed this one, but Ryan's recap is great. #DFIR www.sans.org/blog/shaking...

The SANS #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free! www.sans.org/cyber-securi...

The SANS Institute #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - www.sans.org/cyber-securi...

It's almost here!!! Join Ryan Chapman and me at the SANS Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: www.sans.org/cyber-securi...

Thinking about taking the SANS 528 Ransomware course? I love teaching it—not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations! Use code FOR528-SUMMIT for 30% off www.sans.org/cyber-securi...

🚨 New blog: BlackBasta’s leaks show how ransomware crews still exploit hybrid environments while Scattered Spider leans fully into cloud. Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness. 👉 invictus-ir.com/news/cloud-h... #DFIR #CloudSecurity #CTI

Join me, Ryan Chapman and guest @ransomwaresommelier.com today at 10AM PT/ 1PM ET as we talk about the state of Ransomware payments. www.linkedin.com/events/73031...

Anthropic explores the advancements and implications of frontier AI.''s dual-use capabilities in cybersecurity and biology. Learn more about their strategies to navigate emerging risks: https://www.anthropic.com/news/strategic-warning-for-ai-risk-progress-and-insights-from-our-frontier-red-team

“Your face looks like a museum.” For all my geology + ocean peeps 🧪🪨🌊

Like usual, the airport charging station is not working. I found a working plug in a pillar and all these strangers are plugged into my charging hub instead 😂 #JustTravelThings

Should you pursue the leadership track or thrive as an individual contributor in cybersecurity? Join us for a panel discussion on February 13 with top security leaders as they share insights on making this career-defining choice. Register now: us06web.zoom.us/meeting/regi...

This is really cool and runs 100% locally - a silent speech recognition tool that reads your lips in real time and types whatever you mouth. The power of local LLMs is amazing. Open source too! - github.com/amanvirparha... #AI.

I asked Deepseek-r1 14B to tell me a good digital forensics joke. Watching the thought process is so cute and entertaining... #DFIR #AI

I'm honored to be hosting the SANS Institute Ransomware Summit in May with Ryan Chapman. 5 days left to submit a talk - we want to hear from you! www.sans.org/mlp/ransomwa...

WinSCP and Rclone are used by this TA (and others) to exfiltrate data... check out my presentation on WinSCP artifacts to help locate relevant evidence : www.youtube.com/watch?v=sCqy...

This is one of my favorite #DFIR #INFOSEC conferences to attend. They have workshops for kids that I want to attend! Kids and students are free, and just $25 to attend. Well worth the price.

One of my favorite tools for BEC cases just had a nice update! If you are working BEC cases, make sure and check it out www.invictus-ir.com/news/the-mic...

Week 03 - 2025 #DFIR thisweekin4n6.com/2025/01/19/w...

I made a windows #DFIR artifacts collection MindMap, it's tough to fit everything into a readable overview (might change later)

Time for a decaf latte and a wrap up from last week's forensic goodies!

For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate. Provided artifacts: - Disk Triage Collection - Memory Image + pagefile.sys: - PCAP File Link: bluecapesecurity.com/courses/elev...

Found my first #cruisingducks during my Christmas 🎄 cruise this year. Should I rehide it, or keep it???

This is so important. Even if it's just a comment on a blog, something new you've seen with an update, find a way to share it with the community.

Want to learn more about conducting forensic investigations on Windows? I will be teaching SANS FOR500: Windows Forensic Analysis in San Francisco end of next month! Day 2 is my fav where we dive into the registry! www.sans.org/cyber-securi...

Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware

Releasing a new #DFIR tool today! Swap Recon performs brute-force decompression of Windows 10 & 11 swap. Swap Recon was built when we couldn't find existing tools or techniques to decompress modern Windows swap properly in one of our highest-stakes cases. arsenalrecon.com

New cyber humble bundle out! #DFIR #cyber #infosec #security www.humblebundle.com/books/hackin...

It sure was. #DigitalForensics #MobileForensics #DFIR

Sunday morning reading - catch up on the latest #DFIR with @phillmoore.bsky.social. There is a great article on RDP bitmap cache.. speaking of which.. don't forget to check for RDP Thumbnails if the RDP App was used. Check out my blog post here on it: www.zerofox.com/blog/remote-...

While there are some awesome methods to detect web shells with Yara, sometimes structured data can help solve the case. In this oversimplified example, I go over how you can use two artifacts with Velociraptor to help you find evil on your Linux server. #dfir #blueteam #cybersecurity

#DFIR 💭 of the Day: #CTFs are a fantastic way to learn! They are a great way to learn providing access to forensic images and questions that can increase and challenge your skills. Registration is now open for the Magnet Virtual Summit 2025 CTF powered by Hexordia. youtu.be/YNEnpwoADKs

If you're interested in Linux DFIR? Then check all our talks/workshops below. #Linux #DFIR #Cybersecurity CC: @maryst33d.bsky.social linuxdfir.ashemery.com

I love this weekly blog. Helps keep me up to date, especially on weeks where I am busy traveling.

Indeed.

1. Velociraptor rips 2. Whitney and Eric are the best at what they do. Don't miss this opportunity if you have any interest in the material.