Forensics - PSJoshi/Notes GitHub Wiki
- Interesting forensics blog entries:
- Red team vs Blue team vs Purple team - https://github.com/darkoperator/Presentations/blob/master/Derbycon2016/Thinking%20Purple.pdf
- Awesome incident response - https://github.com/meirwah/awesome-incident-response#osx-evidence-collection
- IoT toolkit - https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
- Forensic artifacts in Windows registry - http://digitalfire.ucd.ie/wp-content/uploads/2012/10/WindowsRegistryForensics.zip
- Digital forensics as a big data challenge - https://articles.forensicfocus.com/2017/08/07/digital-forensics-as-a-big-data-challenge/
- Stuxnet sample - https://tuts4you.com/e107_plugins/download/download.php?view.3011
- Memory dumps of Windows, Linux and MacOS - https://holdmybeersecurity.com/2016/06/12/linux-and-windows-memory-dump/
- One-Click Windows Memory Acquisition with DumpIt - https://zeltser.com/memory-acquisition-with-dumpit-for-dfir-2/
- Tracking registry changes
- Automated DFIR triage using Google timesketch - https://blueteamops.medium.com/super-charging-bulk-dfir-triage-with-node-red-google-log2timeline-google-timesketch-2d78e1ee335c
- Live response collection tool - https://github.com/orlikoski/CyLR
- Process Windows memory images using volatility - https://github.com/blueteam0ps/SuperMem
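For the "Tracking registry changes" entry above, which has no link, here is an added example of the basic technique: take two `reg export` snapshots of a hive (before and after a suspect event), parse them, and report added, removed and changed keys and values, flagging anything under common persistence locations. This is example code written for this wiki page, not from any of the linked tools. It assumes the text format that `reg export` writes (a header line, `[HKEY_...]` section headers, `"name"=value` lines, `@` for a key's default value, trailing `\` for continued hex values); the two snapshots embedded below are constructed, not real exports.

```python
"""Diff two `reg export` snapshots to track registry changes (added example)."""
import re
from typing import Dict, List, Tuple

RegSnapshot = Dict[str, Dict[str, str]]  # key path -> {value name -> raw value text}

# Constructed "before" snapshot (not a real export).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\Software\Example]
@="default"
"Setting"=dword:00000001

[HKEY_CURRENT_USER\Software\Example\Sub]
"X"="y"
'''

# Constructed "after" snapshot: new Run value, changed dword, deleted subkey.
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\Public\\update.exe"

[HKEY_CURRENT_USER\Software\Example]
@="default"
"Setting"=dword:00000002
'''

_SECTION = re.compile(r'^\[(-?)(.+)\]$')                 # [-KEY] is a delete directive
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')     # "name"=value or @=value

# Substrings (lowercased) of key paths that commonly host persistence; assumed list.
PERSISTENCE_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce",
                       "\\winlogon", "\\services\\")


def parse_reg(text: str) -> RegSnapshot:
    """Parse .reg export text into {key: {value name: raw value}}."""
    snap: RegSnapshot = {}
    current = None
    pending = None  # [name, partial value] while a hex value continues over lines
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            pending[1] += line.rstrip("\\")
            if not line.endswith("\\"):
                snap[current][pending[0]] = pending[1]
                pending = None
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION.match(line)
        if m:
            if m.group(1) == "-":      # deletion directive, not snapshot content
                current = None
                continue
            current = m.group(2)
            snap.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else re.sub(r'\\(.)', r'\1', m.group(1)[1:-1])
            value = m.group(2)
            if value.endswith("\\"):
                pending = [name, value.rstrip("\\")]
            else:
                snap[current][name] = value
    return snap


def diff_snapshots(before: RegSnapshot, after: RegSnapshot) -> Dict[str, List[Tuple]]:
    """Report key/value additions, removals and changes between two snapshots."""
    report = {"added_keys": [], "removed_keys": [], "added_values": [],
              "removed_values": [], "changed_values": []}
    for key in sorted(set(before) | set(after)):
        if key not in before:
            report["added_keys"].append(key)
        elif key not in after:
            report["removed_keys"].append(key)
        else:
            b, a = before[key], after[key]
            for name in sorted(set(b) | set(a)):
                if name not in b:
                    report["added_values"].append((key, name, a[name]))
                elif name not in a:
                    report["removed_values"].append((key, name, b[name]))
                elif b[name] != a[name]:
                    report["changed_values"].append((key, name, b[name], a[name]))
    return report


def diff_reg_text(before_text: str, after_text: str) -> Dict[str, List[Tuple]]:
    return diff_snapshots(parse_reg(before_text), parse_reg(after_text))


def persistence_changes(report: Dict[str, List[Tuple]]) -> List[Tuple]:
    """Added or changed values under keys matching PERSISTENCE_MARKERS."""
    hits = []
    for kind in ("added_values", "changed_values"):
        for entry in report[kind]:
            if any(mk in entry[0].lower() for mk in PERSISTENCE_MARKERS):
                hits.append((kind,) + entry)
    return hits


if __name__ == "__main__":
    rep = diff_reg_text(BEFORE, AFTER)
    for kind, entries in rep.items():
        for e in entries:
            print(kind, e)
    for hit in persistence_changes(rep):
        print("PERSISTENCE:", hit)
```

On a live host, produce the snapshots with `reg export HKCU\Software before.reg` and `reg export HKCU\Software after.reg` (the files are UTF-16; open them with `encoding="utf-16"`), then feed their text to `diff_reg_text`. For dead-box work, parse the hive files themselves instead of relying on an export taken on the compromised machine.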