Notes on DFIR Techniques¶

What is it?¶

A curated collection of practical digital forensics and incident response methods—think cheat sheets for real-world investigations.

Why make/read them?¶

• Skip the guesswork: Condensed wisdom from experienced analysts.

• Tool agnostic: Focuses on what to do, not just button clicks.

• Always handy: Like having a mentor’s notes in your back pocket.

Example tip:

“When analyzing timestamps, always correlate UTC vs. local time—this burns everyone once.”

The notes¶

• Forensic choreographies

• Preparing for acquisition

• Network forensics

• Image acquisition

• Android acquisition

• iOS acquisition

• Accessing images

• Windows analysis

• Linux analysis

• macOS analysis

• Mobile analysis

• iOS analysis

• Android analysis

• Resources