TDFCon
@tdfcon.com
Official account of TDFCon; Teesside University’s annual digital forensics conference. Website: www.tdfcon.com
Reposted by TDFCon
That depends…what OS are we talking about?
April 8, 2025 at 4:42 PM
Reposted by TDFCon
Investigation Scenario 🔎

A user reports that all the files in their documents/desktop folders are gone after returning to the office on Monday. They swear they didn’t delete them.

What do you look for to investigate whether an incident occurred?

#InvestigationPath #DFIR #SOC
April 8, 2025 at 1:59 PM
Reposted by TDFCon
In rare instances, creating a symbolic link under Linux (ln -s) to a file that doesn't yet exist is said to create a "ghost link." This link remains dormant until a file with the target name is created, at which point the link mysteriously awakens and becomes functional. Have you experienced it?
April 6, 2025 at 2:32 PM
Reposted by TDFCon
Well this certainly throws up some interesting forensic questions!
April 6, 2025 at 6:10 PM
Reposted by TDFCon
Here is a Windows 10 Desktop Hardening Cheat Sheet! 🛡️ With support ending on October 14, 2025, send this to those that have not yet upgraded (we all have that stubborn friend), and contribute on GitHub if you like :)
github.com/yetkind/Wind...

#Windows10 #Cybersecurity #Security #Infosec #Hardening
GitHub - yetkind/Windows-10-Desktop-Hardening-Cheat-Sheet: Windows 10 Desktop Hardening Cheat Sheet
March 28, 2025 at 7:03 PM
Reposted by TDFCon
A fact of #DigitalForensics life.
November 18, 2024 at 5:19 AM
Reposted by TDFCon
Recently, I heard some organisations are shelving BFU (Before First Unlock) devices.

As they are "too difficult" or "not worth it."

Forget tool loyalties—as multi-tooling is vital.

DFIR experts, what's your take?
Why wouldn't they even try?
Is this the norm?

#DFIR #DigitalForensics
November 18, 2024 at 7:43 AM
Reposted by TDFCon
Great questions! Work gets formal DOI and is published with the review comments names. It is a subproject of DFRWS. Not a BLIND peer reviewed journal as works are already blog published - so a requirement is that work appears on a blog. The reviewers are a mix of academics and practitioners.
November 14, 2024 at 7:08 PM
Reposted by TDFCon
What’s the current position as to work published through DFIR Review getting formal recognition through DFRWS? I know several academics who might publish research this way, but are chasing certain institutional targets (like PhD by publication or REF). Does it count as an official conference paper?
November 14, 2024 at 7:01 PM
Reposted by TDFCon
#DFIR 💭 of the Day: We need more practitioner created blogs to undergo Peer Review.

Check out dfir.pubpub.org to help with that.

While the process isn’t as fast as I would like it (we could use more reviewers and volunteers to help with publication)
November 14, 2024 at 5:04 PM
Reposted by TDFCon
To kick things off we will be hosting one of our module 3 (component examinations) courses out of our training programme next week for people who are looking to use advanced techniques to acquire data from vehicle infotainment systems. ISP and then data reconstruction.
November 14, 2024 at 9:49 AM
Reposted by TDFCon
Anyone interested in a complete #DFIR feed should follow this monitor
In case anyone finds it useful, I have created a DFIR feed, which simply monitors the use of various popular DFIR-related hashtags over the last 24 hours. The feed is available from bsky.app/profile/did:...
November 14, 2024 at 10:48 AM
Reposted by TDFCon
In case anyone finds it useful, I have created a DFIR feed, which simply monitors the use of various popular DFIR-related hashtags over the last 24 hours. The feed is available from bsky.app/profile/did:...
November 14, 2024 at 10:46 AM
Reposted by TDFCon
Currently looking into Smart Home Cloud Recovery, which on average is fairly new to the UK as most houses haven't really adopted it fully. However, from an outsider looking in, it appears to be the opposite in the US. Do any of the US community have any good resources on the matter? #DFIR
November 13, 2024 at 12:13 PM
Reposted by TDFCon
If you want to research #Android & #iOS full file system extractions you have to use the ones @joshhickman.bsky.social generates.

They are fully documented with timestamps.

They have been an invaluable resource when making parsers for the #LEAPPS.

Check them out.
#DigitalForensics
November 12, 2024 at 7:47 PM
Reposted by TDFCon
BOOKMARKS! How do we do them?

Use this emoji 📌 (pushpin emoji)!

BUT FIRST: Click this link. Like/Follow the feed. It'll take you to a bookmark feed where all of your bookmarks are in one place! Pin it, and you'll be able to access them easily.

Then, you can 📌 with ease!

bsky.app/profile/did:...
November 10, 2024 at 9:04 PM
Reposted by TDFCon
Android 15 now has a "Private Space." Want to learn about it? @charpy4n6.bsky.social and I will be discussing it this Thursday on the Digital Forensics Now Podcast at 6 PM EST.

Current tools are missing a lot of data from these Private Spaces. Notice how #ALEAPP parses it out.

#MobileForensics
November 13, 2024 at 12:04 AM
Reposted by TDFCon
Running tools doesn't make you special or essential. If this is all you do, you are a few tool iterations from being automated away. No need or reason to brag.

#DigitalForensics #DFIR #MobileForensics
November 13, 2024 at 12:00 PM
Reposted by TDFCon
Join Amped Software on November 20 for a 90-minute webinar on Amped Replay, the forensic video player of choice for police officers and investigators. #digitalforensics
UPCOMING WEBINAR – Speeding Up And Simplifying Video Investigations With Amped Replay
November 13, 2024 at 3:06 PM