#DFIR Automation Series
I use 4 levels of automation ranging from none to fully automated.
I think an ideal solution is to use full automation for low-risk decisions and recommendations for higher-risk ones.
We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.
Brian Carrier
Digital forensics has always relied on automation and "push buttons". What's changed is how many things we automate and the technologies used.
No one ever chose to manually parse FAT12 floppy drives with a hex editor when they could have a tool list out the file names.
I'm super excited for this webinar. Sid is a super smart AI / LLM guy and it will be a good session to learn how to use AI in #DFIR and what's hype.
We'll also show Cyber Triage hooked up to an LLM so that you can query artifacts.
Automation is when the tool does the next step for you.
That doesn't mean it does the final step and concludes the investigation. Just a bunch of the needed steps in between. Automation still requires an investigator who asks the right questions and can understand context.
EDR Evasion 101 - Blocking
Data needs to get to the EDR server to be analyzed for attacks. Blocking techniques prevent data from getting to the server.
Example: Network filter to block packets destined to the server.
www.cybertriage.com/edr_evasion
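A defender-side check for the blocking pattern described in this post, added here as an example that is not part of the original post or of Cyber Triage: it flags endpoints whose agent has stopped reporting and, for those, looks for a host-firewall rule that would drop outbound traffic to the EDR server. The server address, port, heartbeat tolerance and the firewall-rule tuple shape are assumptions, and all inputs are constructed sample data.

```python
from datetime import datetime, timedelta

EDR_SERVER = "203.0.113.10"  # assumed EDR server address (documentation range)
EDR_PORT = 443               # assumed telemetry port
MAX_SILENCE = timedelta(minutes=30)  # assumed heartbeat tolerance
NOW = datetime(2024, 5, 8, 15, 0)    # constructed "current" time for the check

# Constructed sample: last heartbeat the EDR server received from each host.
HEARTBEATS = {
    "ws-01": datetime(2024, 5, 8, 14, 55),
    "ws-02": datetime(2024, 5, 8, 13, 10),
    "ws-03": datetime(2024, 5, 8, 14, 58),
}

# Constructed sample: outbound host-firewall rules pulled from each host.
# Tuple shape (direction, action, remote_addr, remote_port) is hypothetical.
FIREWALL_RULES = {
    "ws-01": [("out", "allow", "any", "any")],
    "ws-02": [("out", "block", EDR_SERVER, "any"), ("out", "allow", "any", "any")],
    "ws-03": [("out", "allow", "any", "any")],
}


def silent_hosts(heartbeats, now, max_silence=MAX_SILENCE):
    """Hosts whose last heartbeat is older than max_silence (a telemetry gap)."""
    return sorted(h for h, ts in heartbeats.items() if now - ts > max_silence)


def blocks_edr_server(rules, server=EDR_SERVER, port=EDR_PORT):
    """True if an outbound rule would drop traffic to the EDR server/port."""
    for direction, action, addr, rport in rules:
        if direction == "out" and action == "block" \
                and addr in (server, "any") and rport in (port, "any"):
            return True
    return False


def triage(heartbeats, rules_by_host, now):
    """Explain each telemetry gap: host-firewall block, or cause still unknown."""
    findings = {}
    for host in silent_hosts(heartbeats, now):
        blocked = blocks_edr_server(rules_by_host.get(host, []))
        findings[host] = "outbound_block_rule" if blocked else "silent_unknown_cause"
    return findings


if __name__ == "__main__":
    for host, reason in triage(HEARTBEATS, FIREWALL_RULES, NOW).items():
        print(f"{host}: {reason}")
```

A gap with no matching firewall rule still deserves a look, since the same effect can come from a network-layer filter the host cannot see.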
New Cyber Triage release with:
* New UIs to give you an overview of the endpoint
* Hayabusa integration
* Baseline
* Public key encryption on collector
* LOTS more....
Blog and Download Link: www.cybertriage.com/blog/3-14-re...
Webinar Tomorrow - Automation and AI in DFIR and the SOC.
Myself, Sentinel1, and CompassMSP will talk about pros/cons of automating DFIR and SOC tasks.
Come tell us we're wrong!
May 8. 11AM Eastern.
register.gotowebinar.com/register/672...
Adding automation to your #DFIR investigations means you have less decisions to make. Get rid of the tedious work! Focus on the fun stuff!
Here are my three thoughts on the most effective ways to add automation and which tools do them.
What are yours?
www.cybertriage.com/blog/3-ways-...
New Forensic Resource
What to do after you find TeamViewer:
→ Log files to find activity details
→ Executables to find installation times
→ Domains to find download source
Learn how to corroborate timelines to investigate suspicious TeamViewer.
www.cybertriage.com/blog/dfir-ne...
This week's Defender Fridays features @carrier4n6.bsky.social, CEO of Sleuth Kit Labs, discussing EDR, DFIR and Endpoint Triage.
Perfect for security professionals at any level looking to enhance their endpoint investigation skills.
Register here: limacharlie.io/defender-fri...
#cybersecurity