Security incidents, as unwanted as they are, can be turned into a great opportunity for improvement. Listen to my speech at the Forensik Conference, where I go through what I consider the most common lessons learned after IR.
Category Archives: DFIR
Super timeline initial triage with Jupyter and Pandas
While Pandas may not care much about time, incident responders should. Timeline creation and analysis are the core activities of many deep-dive digital forensics investigations. Run log2timeline/plaso on logs and other common evidence data and you’ll get a nice CSV file with parsed events together with their associated time. This allows to correlate
Analyzing binaries in place with Velociraptor and CAPA
Velociraptor aims to provide the “last step” in the process of digital forensic investigations, security monitoring and threat hunting. CAPA detects capabilities in executable files: you run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a