Tweets: 551 · Followers: 2K · Following: 124 · Likes: 711
QUANTUMSTRAND beta 1 released: built for analysts to quickly understand *where* strings are, *what* they might be, and *how* important they are, without getting lost in a sea of undifferentiated text. Thanks @m_r_tz and the crew at @Mandiant FLARE github.com/mandiant/flare…
🛠️ FJTA update released (2025-08-18)! Changes include: ✅ No longer requires TSK 4.13.0 for XFS recognition ✅ Minor code refactoring 🔗 github.com/mnrkbys/fjta #DFIR #Linux
mac_apt v1.26.1 is here, now supports processing Velociraptor collections and compiled versions for macOS too. Many incremental updates and new plugins (we are at 52 plugins now!). github.com/ydkhatri/mac_a… #DFIR #macOS
🛠️ FJTA update released (2025-07-29)! Changes include: ✅ Improved parsing of XFS journal log records ✅ Enhanced handling of directory entries (ext4/XFS) ✅ Minor bug fixes 🔗 github.com/mnrkbys/fjta #DFIR #Linux
Introducing Phorion. A modern EDR platform purpose-built for macOS. Because security teams shouldn’t have to settle for Windows-first tools. 🛡️🍎 🧵
Found an interesting location storing wifi connect/disconnect information on #macos #DFIR swiftforensics.com/2025/01/new-wi…
There seemed to be enough interest so I decided to do a write up on what I have found about OneDrive Offline Mode. Hate to burn a forensic artifact but I’m concerned about what Microsoft feels is secure. #DFIR malwaremaloney.blogspot.com/2025/01/onedri…
My NTFS journal rewind script explained in this 13Cubed episode. Thanks @davisrichardg .
If you've had this problem (see pic), NTFS Journal REWIND solves it! . New blog post + code. No more unknown paths. cybercx.com.au/blog/ntfs-usnj… #NTFS #DFIR
Windows Thumbnail caches are a mostly unused artifact. Did you know they can point to paths on external systems? (Yes path embedded in thumbcache file, not from win search db) Can be helpful when threat actors actively delete logs and other artifacts! #DFIR
🆕 mac_apt release v1.5.8 New modules, macOS 13 & RSR support, Python 3.10 compatibility, easier installation, bug fixes github.com/ydkhatri/mac_a… #DFIR #macOS
Hey #DFIR & #Malware community. A memory forensics case where you are required to analyze a memory dump of a Windows 10 system that has been hit with a #Ransomware. Let the games begin. Please share! $100 bounty will be paid to whoever solves this case! ashemery.com/dfir.html#Memo…
Thanks for merging it @MarkBaggett. Excel output now has autowidth adjustment and auto filter applied, with frozen top row for easy analysis.
🛠️ Just released a new open-source utility: "DumpBTM" It can dump the persistence records of installed items (including persistent malware!) from macOS's proprietary BackgroundItems-v4.btm file. Read more: patreon.com/posts/77420730
ODL parser now updated to unobfuscate encrypted strings. MS had changed the format.. Short blog post sharing the details: swiftforensics.com/2022/11/readin… #DFIR
📌 Drivers abused by #Ransomware TA to kill AV/EDR's ▪ gdrv.sys (Gigabyte) > #RobinHood 9ab9f3b75a2eb87fafb1b7361be9dfb3 ▪ aswArPot.sys (Avast) > #CUBA and #AvosLocker a179c4093d05a3e1ee73f6ff07f994aa ▪ mhyprot2.sys (Genshin Impact) > #Rever 4b817d0e7714b9d43db43ae4a22a161e
The DFRWS APAC conference is happening *in-person* in Adelaide, Australia Sept 28-30, with the program virtual-friendly. Do join us for the second of what we aim to become a regular forum for the Asia-Pacific #DFIR practitioner and researcher community to connect.
In OneDrive, when a file is deleted that is not on the local filesystem, it is moved to the cloud recycle bin. This can be problematic during endpoint investigations. By incorporating ODL logs, we can find this data. Did Fred Rogers delete more than we were led to believe? #DFIR
So the first part of the blog post on OneDrive Logs (ODL) is finally posted, and so is the python script to parse it! 👇 swiftforensics.com/2022/02/readin… and github.com/ydkhatri/OneDr…

Kevin 🤖🕵️🍺 @KevinPagano3
3K Followers 573 Following 🕵🏼♂️ @stark4n6 🎴 Shiny cardboard collector 🍺 Resident beer drinker
Heather Mahalik Barnh... @HeatherMahalik
23K Followers 1K Following DFIR @cellebrite, Faculty Fellow & author @sansforensics #FOR585 #FOR500, wife, mama, researcher, USAF. Trust but validate. Thoughts are mine.
Chad Tilbury @chadtilbury
22K Followers 600 Following Digital forensics and incident response. Ex-AFOSI, Mandiant, and CrowdStrike. SANS Institute Fellow and co-author of #FOR500 and #FOR508 courses.
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR // SANS // CyberCX (DFIR) https://t.co/vLyL2sxTuy I might not know much, but I do know how to Google Tweets are mine
Magnet Forensics @MagnetForensics
17K Followers 996 Following Official Twitter feed for Magnet Forensics, a global leader in solutions for digital investigations since 2009.
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Samir @SBousseaden
25K Followers 1K Following Detection Engineering | Elastic Security Mastodon: @[email protected]
DFIR Diva @DfirDiva
22K Followers 5K Following DFIR Analyst trying to learn all the things | DFIR Blog for Beginners | Founder @GetYourStart | https://t.co/7cHco4FjUS
Patrick @Beav_Patrick
1K Followers 2K Following U.S. Federal Platform Consultant @ Magnet Forensics. Marine Corps Cyber Aux team. Marine Corps Veteran. Former Detective 🕵️♂️ Opinions are my own 👨🏼💻
Ryan "Chaps" Chapman @rj_chap
8K Followers 3K Following DFIR & malware analyst. @sansforensics FOR528 Author & FOR610 Instructor. @CactusCon crew. Husband & father. Comments = own.
Kathryn Hedley @4enzikat0r
3K Followers 800 Following #DFIR & #DFIRFit geek, SANS Author/Instructor #FOR308, Instructor #FOR500. All opinions mine.
ElcomSoft @ElcomSoft
11K Followers 2K Following ElcomSoft's Official Twitter. Password recovery, mobile & cloud forensics.
Cellebrite @Cellebrite
18K Followers 2K Following Cellebrite, the global leader in digital intelligence solutions, empowering agencies to protect & save lives, accelerate justice and preserve privacy.
Andrew Rathbun @bunsofwrath12
3K Followers 704 Following Husband, Father, #DFIR @ Unit 42, Digital Forensics Discord Admin, AboutDFIR Contributor, Author, #USMC Veteran, Former LE, NHL Fan, Dark Mode, Animals, Music
Patrick @RVA4n6
664 Followers 520 Following Richmond, VA #RVA Director of Digital Forensics, writer, trainer in #dfir & Active Attack Response, former LE. Motorcycler & traveler. Opinions = my own.
Paul Lorentz aka Scur... @PaulScurvy
810 Followers 884 Following Dad of 3, 🚲 , 🎣 , 🏃♂️ and love the outdoors and bit of 4n6, former🇨🇦🚔 @ottawapolice, now @Cellebrite Head of Customer Engagement. Opinions are my own
ClaireJean @acgbSE5p6aJy6
0 Followers 443 Following
SylviaJoel @1gfW8OImpqc7T
0 Followers 285 Following
7up4 @7up47
0 Followers 152 Following
RubyAbraham @Ux2jbq3t2X70n
0 Followers 368 Following
Fwueeqee @Fwueeqee586285
0 Followers 484 Following
Precision Forensics @Precision4nsics
1 Followers 28 Following
Desperato @YaSSaX77
28 Followers 85 Following
Eemawuhui @Eemawuhui60233
6 Followers 837 Following
Louve @Louve82645
0 Followers 559 Following
SabinaBush @hX6029ZnvN5WM5
0 Followers 378 Following
gd4n6 @gdforeign6
0 Followers 32 Following
Mark Petrini @petrini_ma41978
5 Followers 96 Following
White Rabbit Cyber @WhtRbbtCybr
7 Followers 130 Following Thoughts and observations from inside the cyber security rabbit hole.
Jevin Sweval @jevinskie
2K Followers 5K Following KEYWORDS ➡︎ cats, hacking, reverse engineering, LLVM, binary analysis, side channel analysis, FPGAs, NFC/EMV tricks Previously Pay Security he/him
Antica CHAE @AChae79357
0 Followers 12 Following
Karim @karimelmasry42
43 Followers 117 Following Pentester (maybe). Reverse engineer (perhaps). Obsessed with @Apple products
Oorhiape @Oorhiape28389
30 Followers 1K Following
tsunamipapi @tsUn4m1p4p1_ph
0 Followers 197 Following
Ye Alde Poser @Y3330t
141 Followers 2K Following
nuyo4h @nuyo4h
0 Followers 3K Following
yy @n0_crew
0 Followers 119 Following
EFS @eforensic
206 Followers 102 Following EFS e-Forensic Services Inc., computer forensics / e-Discovery, analysis, training & forensic product sales
John Kollitidis @JKolliti
47 Followers 592 Following
Johnson Matsiko @Johnson_Matsiko
206 Followers 1K Following Digital Forensics || Cybersecurity Analyst
Patrick @Patrick0x41
690 Followers 4K Following Offensive Security Engineer | Interested in Red Teaming & Vulnerability Research
sad @sec0x25
89 Followers 3K Following
FarKingdom @FarKingdom97017
2 Followers 133 Following
Mustafa ŞAHİN @mustafasahin
217 Followers 428 Following Digital Forensics & Cybersecurity Specialist | Legal Tech & Expert Witness | Linux & Python Enthusiast | Embedded Systems Explorer | Tech Educator & Author | Bu
Nsk @nsk_offl_
350 Followers 4K Following Director🎬& Lyricist of Kattravai Katrapin & Onedaykadhalan CyberSecurity Analyst,Travel freak, Ardent Suriya ❤ Jo,Maddy🤩,VJS😍 Fan,CR7MSD Fan🤟,Maduraikaran😎
!N00b @justan00b
0 Followers 361 Following
Andrew Joseph @jose3253
49 Followers 801 Following
A @xmar20242024
1 Followers 169 Following
MCSR Gen @GenMcsr
5 Followers 322 Following
Agustin Fragoso @SnowHusky15
0 Followers 303 Following
EMIL @emilALABA
0 Followers 6 Following
SpelledIcup @SpelledIcup
1 Followers 31 Following
Mahesh M @mahihyd9
29 Followers 891 Following
Yair Zarka @ZarkaYair
78 Followers 1K Following
Sam C. @SamCrow87458017
0 Followers 84 Following
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR // SANS // CyberCX (DFIR) https://t.co/vLyL2sxTuy I might not know much, but I do know how to Google Tweets are mine
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Samir @SBousseaden
25K Followers 1K Following Detection Engineering | Elastic Security Mastodon: @[email protected]
Nicolas Krassas @Dinosn
147K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Savitri Mumukshu -... @MumukshuSavitri
75K Followers 2K Following तुच्छ्येनाभ्वपिहितं यदासीत्तपसस्तन्महिनाजायतैकम् । Designer & Entrepreneur, Proud Hindu, Busting History myths, Wife & Mom, Writer, Culinary & AI Artist. No DMs
Rob T. Lee @robtlee
26K Followers 1K Following Chief AI Officer, Chief of Research, @SANSInstitute | Cybersecurity Expert & Threat Hunter | Godfather of DFIR | Technical Advisor to US Govt
Sanatan Talks @SanatanTalks
166K Followers 499 Following ॐ नमः शिवाय ॥ जय श्री राम ॥ Story Teller ॥ Traveller ॥ History ॥ Views are personal ॥ RP ≠ Endorsement.
Xavier Uncle @xavierunclelite
318K Followers 6K Following naam se xavier, kaam se saviour | DM for collaborations or 📩: [email protected]
vivan. @VivanVatsa
34K Followers 202 Following · Night: Refilling Internet’s (K)inK @iKyu_HQ (https://t.co/cmRbwmWZZP) + Day: ½ Founder @PeopleCompanyHQ (https://t.co/PQaQyOhoOF)
nero @n3ro
438 Followers 365 Following Libertarian/Free Speech Radical. Technology Executive, xDisney imagineer.
Dr. Maik Ro ➡️... @maikroservice
19K Followers 712 Following ☠️ inactive account ☠️ - Training the next generation of Hackers over at bsky / linkedin / youtube 🏴☠️💜
Nick Carr @ItsReallyNick
38K Followers 3K Following Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA
Alex @kviddy
241 Followers 253 Following Music, Fuzz Pedals, Digital Forensics, Cat Pictures, guitarist in @LongFallBoots
Richard Davis @davisrichardg
3K Followers 434 Following DFIR Investigator @Microsoft and part-time YouTuber. Follow @13CubedDFIR for 13Cubed updates.
Nicole Odom @N0D0M1
111 Followers 92 Following #DFIR Examiner & Researcher | https://t.co/Q39hrJlVBF | https://t.co/814n5RPCE0
Nick Klein @CyberKleiners
808 Followers 68 Following Cyber breach response, digital forensic investigations, strategic advisor.
David Brumley @thedavidbrumley
4K Followers 482 Following Creating a world where everyone can trust apps they use. CEO and Co-Founder @ForAllSecure, Professor @cmu_ece and @CSDatCMU. Views are my own.
Jared Barnhart @bizzybarney
1K Followers 428 Following Father, forensic analyst, DI Specialist @Cellebrite. Opinions are mine.
Calum Hall @_calumhall
956 Followers 339 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
Oleg Skulkin @oskulkin
2K Followers 296 Following Head of Cyber Threat Intelligence at @bizone_en. Opinions are my own.
Zach @svch0st
4K Followers 1K Following Everything DFIR @TheDFIRReport | @CuratedIntel | @XintraOrg https://t.co/ggakuKBS0S
Anthony @0xAnthony
47 Followers 163 Following hi I'm Anthony. I do digital forensics and incident response #DFIR // @USC CS Grad // former jiu-jitsu club president // amateur hiker // Opinions are my own.
Lee Reiber @Celldet
2K Followers 102 Following Mobile Device Forensic Expert, Innovator and author of Mobile Forensic Investigations and Forensic Happy Hour host- Tweets are my own -Be Bold-
Craig Rowland - Agent... @CraigHRowland
11K Followers 313 Following Agentless Linux security. No endpoint agents and no drama. Linux malware, forensics, intrusion detection, and hacking. Founder @SandflySecurity.
Josh Brunty @joshbrunty
2K Followers 2K Following Head Coach @uscybergames | Professor @marshallu | Digital Forensics @marshallu_cfs
Josh Lemon @joshlemon
2K Followers 1K Following Chief DIFR at @SoteriaSec_io | @SANSInstitute Principal Instructor & Author | Digital Forensics & Incident Response geek
Cado @CadoSecurity
984 Followers 150 Following Cado Security is the provider of the first investigation and response automation platform focused on revolutionizing incident response for the hybrid world
Aaron Sparling @OSINTlabworks
1K Followers 899 Following BJJ Blackbelt, Memory 4N6 nerd, malwareRE noob, poorly rated chess player.
DFIR_TNT @DFIR_TNT
1K Followers 2K Following DFIR Tips N Tricks | Andrew Skatoff | Cyber+DFIR | Seeker of Truth | Hunter of Threats
DouglasKein @DouglasKein
119 Followers 173 Following
Matthew Seyer... @forensic_matt
3K Followers 730 Following DIGITAL FORENSICS - where every bit counts.
Ovie @ovie
2K Followers 316 Following
Simon Key @SimonDCKey
1K Followers 392 Following #EnCase instructor and course developer working for @OpenText. #EnScript #EnCaseAppCentral #DFIR #INFOSEC #CyberSecurity
Abhiram Kumar @_abhiramkumar
1K Followers 347 Following 🇮🇳 | DFIR @ Unit42| Former Captain @teambi0s | Author of MemLabs | GCFA | GREM | Views my own
Joakim Schicht @JoakimSchicht
160 Followers 22 Following
kasasagi09 @kasasagi_ta
647 Followers 1K Following #Digital_Forensics #このアカウントは活動をぼちぼち再開してきましたが #Forensicsの情報収集をしたい方は"#DFIR"と"https://t.co/CCXI15ckp0"をみることを推奨します
DoubleBlak @BlakDouble
963 Followers 76 Following
Chris Bing @Bing_Chris
34K Followers 10K Following @propublica reporter: national security and technology. 📧: [email protected] / 📞(Signal): 771-217-8550. More contact info: https://t.co/FnTdrahhi0
Ciofeca Forensics @CiofecaForensic
239 Followers 30 Following Monday morning solutions to put power back in the hands of the forensics examiner
Jerry Grant @JRCC_4N6
198 Followers 594 Following JR Computer Consulting - Digital Forensics Investigator - Computer Forensics, Mobile Forensics and Cell Site Analysis. https://t.co/PkBMinFMoT
Cyb3r Jak3 @Cyb3r_Jak3
70 Followers 153 Following Privacy and transparency oriented. Computer Networking & Cyber Security. Passion for learning about new technologies. MVP@Cloudflare
Asif Matadar @d1r4c
510 Followers 2K Following Digital Forensics & Incident Response Leader | International Public Speaker | Investor | Entrepreneur | Mentor | U.K. Government Cyber Security Advisory Board
Shafik Punja @qubytelogic
931 Followers 3K Following DFIR worker bee/research monkey. Views are my own.🐧 And do not necessarily represent strategies, views or opinions of any employers: past, present or future.
Grant H @Digital_Cold
2K Followers 2K Following Mobile security researcher. Previously @Qualcomm product security. @UF Ph.D, @UCF B.S. Opinions my own https://t.co/VKTGUksQFd 🦋: @digitalcold
Alex Cartwright @alex_cartware
140 Followers 44 Following Champlain College 2021 Alumni | DFIR Enthusiast | Associate Incident Response Consultant | Developer of LEAF | Hackerlady