Digital forensics and incident response
Procedure notes covering acquisition, analysis, and investigation across platforms. Exercise writeups from TryHackMe’s DFIR learning path, CyberDefenders investigations, and Root-Me challenges. Scenarios cover log analysis, memory forensics, mobile artefact triage, and endpoint investigation.
- Jottings on DFIR techniques
- TryHackMe rooms
  - TryHackMe DFIR rooms
    - A Windows server
    - Organisation X desktop
    - Standard Collector Analysis (Redline)
    - IOC Search Collector (Redline)
    - IOC Search Collector Analysis (Redline)
    - Endpoint investigation (Redline)
    - Leaking private company data (again) (Autopsy)
    - Windows 10 disk image (Autopsy)
    - Acceptable Use Policy violation (KAPE)
    - BOB! THIS ISN’T A HORSE! (Volatility)
    - That Kind of Hurt my Feelings (Volatility)
    - Hunt for a nightmare (Volatility)
    - Android malware analysis (Pithus and jadx)
    - iOS forensics (SQLiteDB)
- Puzzles @Cyberdefenders
- Root-me forensics challenges