Tweets: 552 | Followers: 2K | Following: 125 | Likes: 710
DRIFT Linux is born🐧 A #linux distro built for #DigitalForensics & #IncidentResponse (#DFIR): a portable lab for device and disk acquisition, Web/Cloud evidence collection, and early stages of incident analysis. driftlinux.org/blog/technical… #linux #cybersecurity #forensics #cyber
Video demo of the NTUSER dot MAN trick I saw floating around before the new year -- I did not know this was a thing👀 Hat tip to DeceptIQ et al.... we showcase: 1. breaking a Windows login with an empty user profile, 2. getting initial access EZPZ with a Sliver C2 implant, 3. exporting, downloading, and hijacking an existing target user profile NTUSER.DAT or HKCU Registry hive, 4. converting hives from .reg plaintext to binary with the HiveSwarming.exe tool, 5. and establishing persistence with the new backdoored NTUSER dot MAN profile we upload! No Registry writes, API calls or registry callbacks because it's just a single file placed on disk! Kinda neat. This is my first recording after a month break for the holidays and it was _painful_ -- lots of fails and mistakes and it took many hours 😅 I'm experimenting with MEMES in the THUMBNAIL and SHORT video TITLES to MITIGATE against CLICKBAIT Also experimenting with longer social text promos for video releases to add more preview details and context. I no longer have to just feed algorithms, but now LLMs, too! Feels good to get something out the door again. I hope you take a look! YouTube link: youtu.be/Mw8DVcLSZIc
QUANTUMSTRAND beta 1 released: built for analysts to quickly understand *where* strings are, *what* they might be, and *how* important they are, without getting lost in a sea of undifferentiated text. Thanks @m_r_tz and the crew at @Mandiant FLARE github.com/mandiant/flare…
🛠️ FJTA update released (2025-08-18)! Changes include: ✅ No longer requires TSK 4.13.0 for XFS recognition ✅ Minor code refactoring 🔗 github.com/mnrkbys/fjta #DFIR #Linux
mac_apt v1.26.1 is here, now supports processing Velociraptor collections and compiled versions for macOS too. Many incremental updates and new plugins (we are at 52 plugins now!). github.com/ydkhatri/mac_a… #DFIR #macOS
🛠️ FJTA update released (2025-07-29)! Changes include: ✅ Improved parsing of XFS journal log records ✅ Enhanced handling of directory entries (ext4/XFS) ✅ Minor bug fixes 🔗 github.com/mnrkbys/fjta #DFIR #Linux
Introducing Phorion. A modern EDR platform purpose-built for macOS. Because security teams shouldn’t have to settle for Windows-first tools. 🛡️🍎 🧵
Found an interesting location storing wifi connect/disconnect information on #macos #DFIR swiftforensics.com/2025/01/new-wi…
Hi, #DFIR guys, I am developing a new forensic tool for parsing journal data of #Linux filesystems (not systemd journal logs). It can not only parse filesystem journals but also generate timeline events for DFIR. This tool currently supports only EXT4, but I plan to add support for XFS as well. Additionally, it can detect suspicious activities such as timestomping. The tool is still incomplete, so it will take at least a few more weeks before the first release.
There seemed to be enough interest so I decided to do a write up on what I have found about OneDrive Offline Mode. Hate to burn a forensic artifact but I’m concerned about what Microsoft feels is secure. #DFIR malwaremaloney.blogspot.com/2025/01/onedri…
My NTFS journal rewind script explained in this 13Cubed episode. Thanks @davisrichardg.
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” youtube.com/watch?v=GDc8Tb… #DFIR
@gpresman @chadtilbury @antoniosanzalc Sorry about that, silly corp policy on geo blocking. Try this: usa-proxy.org/browse.php?u=h…
@GalloDu link to code GitHub.com/CyberCX-DFIR/u…
@GalloDu Sorry not sure why your location is blocked on corp website. Try this usa-proxy.org/browse.php?u=h…
If you've had this problem (see pic), NTFS Journal REWIND solves it! New blog post + code. No more unknown paths. cybercx.com.au/blog/ntfs-usnj… #NTFS #DFIR
@Songrongn @KevinPagano3 No idea, but it does sometimes. Also, forgot to mention, I wrote a Velociraptor artifact to pull this information out. docs.velociraptor.app/exchange/artif… github.com/Velocidex/velo…
Windows Thumbnail caches are a mostly unused artifact. Did you know they can point to paths on external systems? (Yes path embedded in thumbcache file, not from win search db) Can be helpful when threat actors actively delete logs and other artifacts! #DFIR
@unkn0wnbit Thanks for updating mac_apt.
🆕 mac_apt release v1.5.8 New modules, macOS 13 & RSR support, Python 3.10 compatibility, easier installation, bug fixes github.com/ydkhatri/mac_a… #DFIR #macOS
Hey #DFIR & #Malware community. A memory forensics case where you are required to analyze a memory dump of a Windows 10 system that has been hit with a #Ransomware. Let the games begin. Please share! $100 bounty will be paid to whoever solves this case! ashemery.com/dfir.html#Memo…