Will bei at FIRST Cti event in Munich starting Tuesday with @jkppr.bsky.social . If you want to talk about Time sketch, OpenRelik or other Open source tools

New version of OpenRelik (the #DFIR workflow engine) is out. New workflow UI, support for chords (task groups with callback), MCP server and much much more. Give it a try!

Take a look at the new page for workers showcase, both official and community contributed: openrelik.org/workers/

We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.

Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025

#DFIR #ThreatHunting

📣THREAD: It’s surprising to me that so many people were surprised to learn that Signal runs partly on AWS (something we can do because we use encryption to make sure no one but you–not AWS, not Signal, not anyone–can access your comms).

It’s also concerning. 1/

Widespread Data Theft Targets Salesforce Instances via Salesloft Drift | Google Cloud Blog A widespread data theft campaign targeting Salesforce instances via the Salesloft Drift third-party application.

A threat actor (UNC6395) is accessing Salesforce accounts and data through the Salesloft Drift AI chat agent

cloud.google.com/blog/topics/...

A new Unfurl release (unfurl.link) is here! v2025.08 has:

🆔 Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279

📝 Full release notes: github.com/obsidianfore...

Black Hat Black Hat

Heading to #BlackHat Arsenal in 2 weeks w/ @maartenvdantzig.bsky.social to demo our new AI investigation features in Timesketch! We've built a workflow that partners the analyst with AI to speed up investigations while keeping you in control.

Meet us on 📍Thurs, Aug 7, 1pm, at Arsenal Station 7

Using Timesketch for timeline analysis? We recently added a new feature: LLM summaries of up to 500 events in view. Example below uses Gemini Flash, but you can just as easily use a local Ollama model. Setup guide: timesketch.org/guides/user/...

Security Fest 2025 - Day 2 YouTube video by Security Fest

Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"

Talk: www.youtube.com/live/Znl7TBF...

Hey DFIR Peeps! I am hiring incident responders in two locations - Boulder, CO and Sunnyvale, CA. It'd be hard to find a bigger CSIRT with more scope and more interesting stuff to do than this one. :D

SVL: www.google.com/about...

BLD: www.google.com/about...

Release 20250408 · google/timesketch What's Changed ✨ New Features & Major Enhancements Core Functionality & API: Add Support for Searching Processing Timelines by @jbaptperez in #3241 Add Timeline, SearchIndex and Datasource creati...

We have a new Timesketch release: github.com/google/times...
It includes AI / LLM things, new features, bugfixes and more. Check it out. #DFIR

What if the wise men kept walking after Jesus’s birth? YouTube video by xkcd's What If?

What if the wise men kept walking after Jesus’s birth?

Watch the latest What If? video collaboration with MinuteEarth!

youtu.be/YL2VNtus4xk

Hey #DFIR people! New #OpenRelik release just dropped. Some cool new features and a bunch of bug fixes.

Turren-Schönbüel Trail, my absolute favorite so far.

Snowshoeing at Weissenberge, Switzerland

A snow-covered landscape with a clear blue sky and snowshoe tracks leading through the snow.

Snowshoeing in a winter wonderland. [Furna, Switzerland]

Project Zero is hiring 👀
No need to tell y'all that the team is awesome

Exciting News🚀🎉:

Our @cyber5w.bsky.social Intro to DFIR Course is now FREE!🔍

Please read our announcement found below. The course will also be available for FREE @opensectraining.bsky.social very soon! #DFIR #infosec #cybersecurity #DigitalForensics

cyber5w.com/into-dfir.html

🚀 New OpenRelik release

Role-based access control, folder sharing, database improvements, optimisations for file listings, chunked file uploads, bug fixes and refactoring efforts to improve stability.

📝 https://openrelik.org/changelog/
🔗 https://discord.gg/hg652gktwX

#DFIR

If you need datasets for your #DFIR training? Feel free to use any of my cases found in the URL below. They can be used for both academic or commercial training.

www.ashemery.com/dfir.html

A picture taken from a mountain peak overlooking a sea of clouds.