13Cubed demonstrates practical DFIR uses for public LLMs (Claude): decoding unknown DB formats and auto-generating bash to convert unstructured output into CSV, while warning about sharing sensitive case details. #DFIR #AI https://bit.ly/4cXiMUj
#DFiR
Investigation Scenario 🔎
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
#InvestigationPath #DFIR #SOC
DFRWS USA 2026 REGISTRATION is NOW OPEN 🎯 Register: https://buff.ly/4hl9PlT 👉 Programme: https://buff.ly/5R8822d
Early Bird Registration is now open for #DFRWS2026USA.
🦉 Early Bird rates available until May 25
📜Papers Announced
👉 Register: buff.ly/4hl9PlT
#DFIR #ForensicScience #IncidentResponse
#DigitalForensics #CyberSecurity #InfoSec
#LawEnforcementTech #CyberInvestigation
It's time for a new 13Cubed episode! I've got some thoughts about AI and digital forensics. Let's talk about it.
www.youtube.com/watch?v=wKn-...
#DFIR
🔍 Inside the Tech: New Talk Added to BSides Luxembourg
MASTERING INCIDENT RESPONSE WITH KANVAS – Ardit Beu
Bring clarity to chaos in this hands-on 40-minute talk focused on modern incident response workflows. Discover how Kanvas transforms scattered […]
[Original post on infosec.exchange]
Windows media services like Cast to Device & audio routing aren't just for convenience—they’re potential relay nodes. Through a DFIR lens, these trusted paths can become covert channels for quiet data movement. 💻🛡️
#solideinfo #cybersecurity #DFIR #WindowsSecurity #BlueTeam
Originally from This Week in 4n6: Week 16 – 2026 ( :-{ı▓ #dfir #incidentresponse #cyberresearch
Week 16 - 2026 #DFIR
thisweekin4n6.com/2026/04/19/w...
[13Cubed] Chaos at Cobalt Challenge — Investigating Windows Endpoints [13 Cubed] Linux & Windows Compromised Case
#digital-forensics #windows-forensics #cobalt-strike #cybersecurity #dfir
[13Cubed] Chaos at Cobalt Challenge — Investigating Windows Endpoint [13 Cubed] Linux & Windows Compromised Case
#digital-forensics #windows-forensics #cobalt-strike #cybersecurity #dfir
CABTA is a local-first SOC platform: 20+ TI feeds, local LLM via Ollama, advanced malware/email forensics, Cobalt Strike beacon extraction and Volatility 3 memory analysis. #tool #DFIR #malware https://bit.ly/3QdIhb8
🐧 Teaching FOR577: Linux IR & Threat Hunting at SANS Austin, June 22–27!
Hands-on labs, GLIR cert prep, NetWars, SANS@Night talks, great networking — and legendary Austin BBQ. 🍖
Early-bird pricing ends May 7th. Lock in your spot!
👉 www.sans.org/cyber-securi... #SANS #FOR577 #DFIR
We’re a week away from the #MagnetUserSummit 2026 keynote on April 21!
Join this one-time livestream to get an exclusive look at what’s next for Magnet Forensics in 2026 — from AI to Magnet One and beyond.
Register now: https://ow.ly/oPJB50YHao0
#DFIR #DigitalForensics #MUS2026
Registration is now open for #DFRWS2026USA
Your work matters. Join the conversation.
🦉 Early Bird rates available until May 25:
👉 Full $745 | LE $645 | Student $545 | Virtual $150
🎯 Register: buff.ly/4hl9PlT
#DigitalForensics #CyberSecurity #DFIR
With the new Live Endpoint Explorer in #MagnetNexus, #DFIR and investigative teams can get fast visibility into endpoint file and folder trees — enabling precise data collection without switching between tools.
Learn more and see it in action: https://ow.ly/M2T150YIRcy
Investigation Scenario 🔎
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
#InvestigationPath #DFIR #SOC
Our latest #LegalUnpacked episode will dive into how ICAC prosecutors and investigators can arm themselves with practical strategies to identify, analyze, and rebut AI-based defenses.
Tune in on April 15: https://ow.ly/z9Q450YIsMr #DFIR #DigitalInvestigations
Use Process Explorer and Sysmon to investigate orphaned Windows child processes, PPID spoofing, and process hollowing across enterprise IR workflows.
#solideinfo #MemoryForensics #DFIR #CyberCrime #cybersecurity #WindowsForensics
Originally from This Week in 4n6: Week 15 – 2026 ( :-{ı▓ #dfir #incidentresponse #cyberresearch
Week 15 - 2026 #DFIR
thisweekin4n6.com/2026/04/12/w...
On April 25th, entries across social media platforms will be combined, and the five winners will be selected.
To Enter:
✅ Like
✅ Share
✅ Comment which course you want to win the most
#DFIR #DigitalForensics #IncidentResponse
State of Enterprise #DFIR 2026 insight: The need for real-time collaboration is becoming a central driver for SaaS adoption.
Why it matters: Collaboration is becoming a prerequisite for keeping pace with volumes, timelines, and expectations.
Learn more: https://ow.ly/N78I50YHbuv
Heimdall DFIR — unified open-source DFIR cockpit: chunked uploads to 256GB, Super Timeline (Elasticsearch), async parsing (Hayabusa, Zimmerman Tools), YARA & Sigma hunts, TAXII/STIX correlation and signed PDF export. #tool #DFIR https://bit.ly/4c3H4M5
Building or modernizing a #DigitalForensics lab in the public sector requires balancing people, process, and technology.
This blog breaks down key considerations for creating a lab that can support investigations today and scale for tomorrow: ow.ly/KiBr50YH7Jo
#DFIR #DigitalInvestigations
This Diamond Model from our “Cat’s Got Your Files: Lynx Ransomware” report illustrates the four core elements of the intrusion.
See how all four vertices aligned for full-domain compromise 👇
thedfirreport.com/2025/12/17/c...
#DFIR #ThreatIntel #Ransomware #BlueTeam #CyberSecurity
The MUS 2026 #CTF is almost here and there’s still time to jump in!
Compete in Operation Candy to test your #DFIR skills and win:
- Ray‑Ban Meta Glasses
- Magnet Merch
- Participant CTF Coins
Spots are limited, so don’t miss out! Register to join us April 22: www.magnetusersummit.com.
Combining Fuji Cartridge and WinFE into a single setup that can handle forensic imaging for both macOS and Windows systems. #DFIR
malwaremaloney.blogspot.com/2026/04/last...
Coming soon. How to build a combined Fuji recovery and WinFE drive. #DFIR
We’re coming to Ottawa on May 13–14 for the Magnet Canada Summit — two days of learning, collaboration, and hands‑on insight into the future of #DigitalInvestigations.
Learn more and secure your free spot today: https://ow.ly/kuzn50YFOWb #DFIR #DigitalForensics #MagnetCanadaSummit
Read the latest DFIR news – AI in digital evidence review, triage in digital forensics, Android privacy challenges, vehicle forensics planning, and more. www.forensicfocus.com/news/... #DigitalForensics #DFIR