Want to break down what is in a URL? Try Unfurl from Ryan Benson and gain further insights! dfir.blog/unfurl/
#DFIR
This story is absolutely insane. And we don't usually get a front-row seat to insider threat investigations
Spy got tricked by a honeypot and implicated the most senior leaders at the victim's biggest competitors.
I go through it all here: youtu.be/tDG1WfbSZFo
Unfurl v2025.03 is live and adds new features, including:
๐ Parsing #Google Search's UDM parameter
๐ Recognizing #Mastodon usernames and parsing forks (like truthsocial[.]com and gab[.]com)
๐งน Utility parser to "clean up" inputs
Try it: unfurl.link
Blog post: dfir.blog/unfurl-parse...
#DFIR #OSINT
Have a big number (or hex value) you found and think might be a timestamp? Drop it in `unfurl` in the terminal and see what comes out!
(add -d or --detailed if you want the type of timestamp, or run without it if you just want the value)
#DFIR #BF4SA #Unfurl ๐ฟ
A new Unfurl release (unfurl.link) is here! v2025.08 has:
๐ Parsing more from TikTok IDs (millisecond timestamp, entity type (user account, device, live session, or video), and more). Thanks to Benjamin Steel for the paper arxiv.org/abs/2504.13279
๐ Full release notes: github.com/obsidianfore...
A new Unfurl release is here! v2025.02 adds:
๐ Parsing encoded/obfuscated IP addresses
๐ฆ Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
๐ Bug fixes & better bulk parsing
Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...
#DFIR #OSINT
There's a new Hindsight release! New features in v2026.04 include:
- Parsing Sessions_* and Tabs_* files (SNSS) into the Timeline and a "Sessions" tab
- Parsing of Platform Notifications (shown/clicked)
- More fields for URL Visit rows (with KGraph lookups)
dfir.blog/hindsight-pa...
#DFIR #Chrome
There's a new Hindsight release!
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
๐ Blog: dfir.blog/hindsight-pa...
๐ ๏ธ Tool download: hindsig.ht/release
#DFIR #Chrome #Extensions
There's a new Hindsight release! v2026.01 brings new features, including:
๐ Parsing Sync Data
โจ๏ธ Updated terminal interface
๐ Improved output formats
โ๏ธ Many fixes and enhancements
Read more at dfir.blog/hindsight-v2... or download the new version from GitHub: github.com/obsidianfore...
Matt Johansen
Jessica Hyde
Over the winter holiday, I was watching Netflix's Carry-On and got a bit nerd-sniped by a real Google Search URL on-screen... and then proceeded to "authenticate" it.
dfir.blog/authenticati...
#DFIR #OSINT #Unfurl #Netflix
Hindsight v2026.04 adds parsing of Session files (including form data), platform notifications, & Google Knowledge Graph lookups for page categories and entities!
Unfurl v2025.03 adds new features, including
parsing Google Search's UDM parameter, support for Mastodon forks (like Truth Social), and a utility parser to "clean up" inputs.
Hindsight v2025.03 focuses on Extensions - parsing more activity and state records, highlighting Extension permissions, and making it easier to examine Manifests.
Hindsight v2026.01 brings new features, including parsing Sync Data, an updated terminal interface, improved output formats, and dozens of fixes and enhancements.
