Some insightful resources that might be helpful:
1: The Cellebrite Capture the Flag (CTF) write-up specifically links to many of the free, open-source tools, and is worth a read to understand the commands that may be found in the blog.
2: Evidence Collecting Tools for Fast Forensics: concepts, process, and methods for Windows-based machines. First Triage/Live Response script (a simple Windows batch script): the problem seemed like a simple one: collect artifacts and telemetry from an endpoint and save them to a locally attached USB drive for analysis.
3: Threat Hunting tool: its output includes clear signs of both malicious activity and legitimate traffic. The legitimate traffic included in the list of potential issues is a false positive: traffic incorrectly flagged as potentially malicious.
4: CTFs/#DFIR forensic test images have been moved to their own page for ease of finding something to practice on or practice with. There are dozens of listings now, with hundreds more being added.
5: 25 Days, 25 Questions on Digital Forensics Lab And Tool Standards by Sh. Santosh Khadsare, digital forensics expert. Every day a question was posed to the enthusiastic digital forensic community for the following purposes:
- Creating a common forum for the DFIR professionals to interact and share their thoughts.
- Increasing the core knowledge base in an interactive mode.
- Networking with professionals who are working in this niche area.
6: Malware/IR-Tools-Resources, shared by Sh. Shilpesh Trivedi, Malware Analyst; this repo contains resources for the following:
malware analysis, threat hunting, incident response, threat intelligence, etc.
- An analyst or examiner should also focus on manual analysis of these artefacts rather than blindly depending on automated parser tools.
- While doing any analysis, it is also important to know where to find the specific forensic artifacts related to the incident.
- DO cross-examine findings with more than one tool for better results.
Also read the free study resources on digital forensics: https://d3pakblog.wordpress.com/2017/08/02/d34n6-tutorial/
Disclaimer: These resources are provided “as is” for informational and educational purposes only; this is not an endorsement.