darkcybe
  • 👋whoami
  • Security Operations
    • 💉Threat Mangement
      • Identify
        • Developing a Security Program
        • Governance, Risk, and Compliance (GRC)
        • Security Architecture
      • Protect
        • Vulnerability Mangement
        • Identity and Access Management (IAM)
        • Zero Trust
    • 👩‍💻Threat Detection
      • Detect
        • Continuous Monitoring & Security Operations Center (SOC)
        • Cyber Threat Intelligence (CTI)
    • 🚒Threat Response
      • Respond
        • Digital Forensics and Incident Response (DFIR)
      • Recover
  • Offensive Security Operations
    • 🎯Penetration Testing
      • Techniques
        • MITRE ATT&CK
          • Reconnaissance
          • Resource Development
            • T1608 - Stage Capabilities
              • Staging Malware and Tools on Kali Linux
          • Initial Access
          • Execution
          • Persistence
          • Privilege Escalation
          • Defense Evasion
          • Credential Access
          • Discovery
          • Lateral Movement
          • Collection
          • Command and Control
          • Exfiltration
          • Impact
        • CAPEC
          • 100 - Overflow Buffers
          • 66 - SQL Injection
          • 94 - Adversary-in-the-Middle (AiTM)
          • 252 - PHP Local File Inclusion (LFI)
          • 560 - Use of Known Domain Credentials
          • 644 - Use of Captured Hashes (Pass-the-Hash (PtH))
          • 633 - Token Impersonation
        • Technology Focused
          • Cloud
            • Amazon Web Services (AWS)
            • Google Cloud Platform (GCP)
          • Network Protocols and Services
            • Port 20/21 - FTP
            • Port 22 - SSH
            • Port 23 - Telnet
            • Port 25 - SMTP
            • Port 53 - DNS
            • Port 80 - HTTP
            • Port 110/995 - POP3
            • Port 135/593 - MSRPC
            • Port 137-139 - NetBIOS
            • Port 143/993 - IMAP
            • Port 443 - HTTPS
            • Port 445 - SMB
            • Port 3389 - RDP
            • Port 5355 - LLMNR
            • ARP
            • Databases
              • Port 1433/1434 - MSSQL
              • Port 3306 - MySQL/MariaDB
            • DHCP
          • Web
            • PHP
          • Windows
            • Active Directory
          • Wireless
          • Linux
      • Offensive Security Tools
    • 🚩Capture The Flag (CTF)
  • Guides
    • 🔍DFIR
      • Evidence Artifacts
        • Event Logs
        • Windows
          • Evidence of...
            • Account Usage
            • File Download
            • Program Execution
            • External Device Activity
            • File and Folder Interaction
            • Lateral Movement
            • Network and Browser History
      • DFIR Tools
        • Malware and File Analysis
          • Sigcheck
          • DensityScout
        • Memory Forensics
          • Volatility
        • Program Execution
          • PeCmd
          • WxTcmd
          • AmcacheParser
          • JumpListExplorer (JLE)
          • AppCompatCacheParser
          • SrumECmd
        • DFIR Toolkits
          • Registry Explorer
          • Incident Timelines
      • Theat Analysis
        • Analysis
          • iOS Popup Scam
        • Emulation
    • 🥷Ethical Hacking
      • Exploitation
      • Post-Exploitation
      • Reporting and Documentation
    • ⛳CTF Walkthroughs
      • 📦Hack The Box (HTB)
        • 🚶HTB Walkthroughs
    • 👷‍♀️Security Engineering
      • Building a Cybersecurity Home Lab
        • Step 1: Lab Design and Architecture
        • Step 2: Installing and Configuring VMware ESXi 8
        • Step 3: Installing the OPNsense Firewall
        • Step 4: Configuring OPNsense Firewall Rules
  • General Resources
    • 🐳Deep Dives
      • Public Key Infrastructure (PKI)
    • 🐍Programming
      • Python
    • 🏋️Training
      • 🗓️Study Methodology
    • 🥠Semi-Pro Tips
      • Linux
      • Windows
      • Resources
Powered by GitBook
On this page
  1. Guides
  2. DFIR

DFIR Tools

What are the commonly used tools that DFIR Analysts use to investigate incidents, and how are the tools used to provide evidence of malicious activities?

PreviousNetwork and Browser HistoryNextMalware and File Analysis

Last updated 1 year ago

🔍
Malware and File Analysis