Adding registry parsing to the DFIR thing

The Windows registry contains a lot of valuable information for investigating devices. Getting started with it can be a daunting task, but there are excellent tools, such as the Eric Zimmerman tools, that offer a great way in. I also want to include the...
The DFIR thing
The DFIR.. what? For the last couple of years I have tinkered with a docker-compose configuration for launching a DFIR investigation system. The original one was created with four components: ELK – ingesting all the data, with all the visualisations; PLASO – parse all the Windows evidence; Chainsaw – parse evtx logs; Hayabusa – parse...