MC @grayfold3d
#DFIR Virginia, USA Joined June 2018
Tweets 234 | Followers 366 | Following 328 | Likes 1K
@mhallman Value=3. I’ve parsed the prefetch with pecmd and see other entries on the date in question so just not sure why it’s not being recorded or was deleted. I seem to recall reading somewhere about cases where a pf file might not be created if it opened quickly but can’t find it now
#dfir question...Under what conditions would a program execution fail to create a prefetch file/prefetch file be deleted? Running Win10 and I have pf files with dates prior to the known execution of this application so I don’t think it’s getting removed due to a size limit.
@mhallman I also see execution evidence in amcache, appcompatcache
@mhallman Yep. One of the applications I’m looking at is TeamViewer. I know it was installed/executed due to its application logs but there are no prefetch entries. I’ve run this app in a lab and see pf files for the installer and application. Don’t have FD image to carve unfortunately
I should note these entries would be months old but I know this app does create pf files.
Well...no logs. This seems like a great idea. “No logs are created on either the helper’s or sharer’s device” docs.microsoft.com/en-us/windows/…
Anyone aware of any logs showing sessions/connections from Microsoft Quick Assist (newer more user friendly Remote Assistance)? Not seeing anything in the normal RDP logs.
@bettersafetynet I love the fact that git is built into new Windows versions (starting at 1909 I think). I just run it from PS prompt now
@AkashhSawant @SwiftOnSecurity Administrative templates: docs.microsoft.com/en-us/troubles…
Anyone know of good OSX forensic resources similar to the SANS “evidence of” posters?
I've always thought a "PowerShell for PHBs" presentation would be fun. Here's one I used today to figure out what's been important to me recently. In Outlook, select your last 6 months of "Sent Items", and press CTRL-C. Then voila!
My Linux Forensics material is now up at archive.org -- grab the torrent from archive.org/download/HalLi…
@byteya @EricRZimmerman Haha if there’s one thing I know, it’s that if @ericzimmerman writes it, it will be in C# and not Python
@HighViscosity Awesome post! First time I’ve seen or heard of LNK files created from searches.
@ItsReallyNick @SBousseaden Yeah typically the same documents. But around 20 different pdf, CSV, etc. What I’ve seen have been things like contact sheets and other ref docs. There’s been a bunch of back and forth between our team and the business unit he works in with all the reasons this is a bad idea.
@SBousseaden We have a guy that likes putting office docs in his startup folder. How his machine manages to start with all those files loading at startup is beyond me. Oh EDR loves him too 😑
@brianjmoran My wife and I play a game where she tells me the Hallmark movie name and I have to guess what it’s about. I’ve got a 75% success rate.
Kevin 🤖🕵️🍺 @KevinPagano3
4K Followers 588 Following 🕵🏼♂️ @stark4n6 🎴 Shiny cardboard collector 🍺 Resident beer drinker
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR https://t.co/vLyL2sgQsy I might not know much, but I do know how to Google Tweets are mine
Adam Harrison @harrisonamj
2K Followers 446 Following Digital Forensic Investigator, Incident Responder, HAM, ambassador for flip-flops and purveyor of fine Dad Jokes. #DFIRFit
Brian Maloney @bmmaloney97
3K Followers 622 Following "Distrust and caution are the parents of security." - Benjamin Franklin
Vincetius Vulpes @VinceVulpes
169 Followers 2K Following Cybersec Pro, Coder of Fortune, Knave of all Trades, Artist of Human Motion. Opinions expressed are my own and do not represent the views of my employer.
l0qu3s34 @l0qu3s34
2 Followers 292 Following
Ordaepar @Ordaepar8800
24 Followers 996 Following
Español Youtube @IagoribeiroBR
16 Followers 681 Following
rcegan @rcegann
652 Followers 766 Following senior security engineer/threat detection lead @ mssp. Hack the planet.
Liditue @LiditueWTt
40 Followers 4K Following
TammyMac- @0vR2261Q6n7qW4I
62 Followers 7K Following
KristinNorton @0u0Yo748c20367
68 Followers 7K Following
Slashi @Slashi381851
18 Followers 1K Following
Goonersaurus @goonersaurus85
144 Followers 610 Following
A.R. Figueroa @RehileteCasero
213 Followers 5K Following
farmerK @elwell
556 Followers 4K Following Security Engineer & ASE Certified Master Technician. Car hacking/security, PAM, Threat Hunting. @ElwellFunnyFarm | Opinions are my own, not my employer's
John Hamilton @Mecha__Shiva
0 Followers 62 Following
JC @taskar_jc
43 Followers 3K Following
Volkov Ivan @volkovin
60 Followers 5K Following
Mike @JoNy_HaMrStCkS
0 Followers 133 Following
Andrew Rathbun @bunsofwrath12
3K Followers 731 Following Husband, Father, #DFIR @ Unit 42, Digital Forensics Discord Admin, AboutDFIR Contributor, Author, #USMC Veteran, Former LE, NHL Fan, Dark Mode, Animals, Music
Rani Malki @RaniAlMalki
18 Followers 198 Following
CyberDweller @cyber__dweller
0 Followers 451 Following
Sølst1c3 @s0lst1c3
5K Followers 2K Following Wi-Fi Hacker, Red Team Guy | Prev @amazon / @specterops / @gdssecurity | @defcon CFP board | #hacking, #cloud, random.lulz() | Daemon est Ubique, Ubique Deus!
jordan drysdale @Rev10D
653 Followers 500 Following
Sohil Shah @magicianss64
165 Followers 4K Following Over a decade doing Digital Forensics, Incident Response, Cyber Security and keeping the world safe from bad people! #DFIR #WindowsInternals #DataRecovery
8lU3sH33p @8lU3sH33p
87 Followers 2K Following
Cyber Analyzer @cyberanalyzer
2K Followers 3K Following Malware Analyst #CyberSecurity #Malware #ThreatIntel #Ransomware #OSINT #Phishing #Maldoc #DFIR #InfoSec
Animalia Welfare Asso... @192_168_1_32
5 Followers 177 Following Welfare for animals consume organic material, breathe oxygen, are able to move, can reproduce sexually.
Jérémy 4n6 🔎📱... @jmarande
127 Followers 951 Following The eye sees in things only what it looks at. And it only looks at what is already in the mind - A.BERTILLON
G_M @__Test__123____
0 Followers 3K Following
Blue Team News @blueteamsec1
56K Followers 9K Following The cybersecurity home for the latest #BlueTeam, #DFIR, and #ThreatHunting news and tools.
S Free @misenus42
8 Followers 832 Following
b1t w1zArd @b1t_w1zArd
38 Followers 2K Following
reader801561 @reader801561
1 Followers 170 Following
limce @limce8
0 Followers 42 Following
Scott Lynch @packetengineer
2K Followers 5K Following Certified @SANSDefense Instructor | SECOPS/CERT Manager | Defcon BTV | Navy Vet | Sailor | Tweets Are My Own
[email protected] @Superelvv
3 Followers 493 Following
Matthew Toussain @0sm0s1z
7K Followers 2K Following 🏳️🌈 Founder @_OpenSecurity_ // Former @BHInfoSecurity // Former SANS // Former USAF / Former me… #RedTeamFit /https://t.co/TkCZZSc4xA
Dwaine Anderson @Ando_13
346 Followers 702 Following
Champlain College Dig... @champdfa
1K Followers 86 Following Champlain College Digital Forensics Association | Student organization to support extracurricular events in #DigitalForensics #DFIR.
Roland R. @Roland_Rre
115 Followers 3K Following
Richard Ackroyd @rfackroyd
810 Followers 810 Following Fintech Security Engineer | Cyber Threat Detection
GlassWire @GlassWire
9K Followers 7K Following GlassWire for Windows & Android both help protect your device, privacy, and data usage by visualizing your network activity. 📱💻 https://t.co/6HazpJlSiQ
Kevin 🤖🕵️🍺 @KevinPagano3
4K Followers 588 Following 🕵🏼♂️ @stark4n6 🎴 Shiny cardboard collector 🍺 Resident beer drinker
Ali Hadi | B!n@ry @binaryz0ne
35K Followers 570 Following DFIR and Adversary Simulation | All posts reflect the views and interests of the person behind this account only |
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
SANS DFIR @sansforensics
111K Followers 104 Following The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.
Heather Mahalik Barnh... @HeatherMahalik
23K Followers 1K Following DFIR, Faculty Fellow & author, #FOR585 #FOR500, wife, mama, researcher, USAF. Trust but validate. Thoughts are mine.
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR https://t.co/vLyL2sgQsy I might not know much, but I do know how to Google Tweets are mine
Chad Tilbury @chadtilbury
22K Followers 598 Following Digital forensics and incident response. Ex-AFOSI, Mandiant, and CrowdStrike. SANS Institute Fellow and co-author of #FOR500 and #FOR508 courses.
SwiftOnSecurity @SwiftOnSecurity
411K Followers 9K Following computer security person. former helpdesk.
Mick Douglas 🇺🇦... @bettersafetynet
32K Followers 574 Following Consultant for InfoSec Innovations | @SANSInstitute Principal Instructor | @IANS_Security Faculty | I like information security. How about you?
Devon @aboutdfir
3K Followers 142 Following Custodian of Private Histories | Keynote Speaker | Creator of https://t.co/sgaC8FxjAE | Author of Diving In: An Incident Responder’s Journey 📖
The Haag™ @M_haggis
10K Followers 2K Following ⚔️ Prevention Engineering at MagicSword | Co-Host of Atomics on a Friday | LOLDrivers & Atomic Red Team Maintainer
Mathias Fuchs @mathias_fuchs
3K Followers 951 Following Something with IR and Intelligence @InfoGuardAG, Certified Instructor and author @SANSInstitute (@SANSEMEA), Former Principal IR Consultant @Mandiant
Jake Williams @MalwareJake
150K Followers 2K Following Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him
Eric Capuano - Bsky: ... @eric_capuano
11K Followers 3K Following Co-Founder @recon_infosec | SANS DFIR Instructor | IANS Faculty | https://t.co/yUXCSu2Yso | ⬡ ❤ @shortxstack
Brett Shavers 🙄 @brettshavers
40K Followers 954 Following Fell off a cliff. Swam with sharks. Dined with hitmen. Hung out with crime bosses. Bought and sold a ton of drugs. How the heck am I still here? #DFIR #USMC 🚓
Jeffrey Snover @jsnover
68K Followers 1K Following Jeffrey Snover: Retired/ Philosopher-Errant / PowerShell Inventor / Science geek.
DirectoryRanger @DirectoryRanger
37K Followers 102 Following This account assembles and disseminates information related to Active Directory and Windows security.
13Cubed @13CubedDFIR
8K Followers 0 Following The official account for 13Cubed. Follow @davisrichardg for my personal account.
Merill Fernando @merill
20K Followers 4K Following Ex-Microsoft PM | Tweets my own Built → https://t.co/QbUp63ffXf • https://t.co/8W7yvQi3jb • https://t.co/NFLDqDIY8h • https://t.co/tSWrIw8Ajh 📰 Newsletter→ https://t.co/tPzAEl0Zuq & https://t.co/894nfObWuU 🎙️ Podcast→ https://t.co/TBlNKTzn8t
Nathan McNulty @NathanMcNulty
18K Followers 1K Following Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | 🦋@nathanmcnulty.com
Thomas Naunheim @Thomas_Live
7K Followers 463 Following #MicrosoftMVP | Cyber Security Architect 🛡️| #MicrosoftEntra 🔑 + #Azure ☁️ | #Schaengel
Justin Elze @HackingLZ
71K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Bad Sector Labs @badsectorlabs
9K Followers 526 Following Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]
Matt Zorich @reprise_99
15K Followers 2K Following @Microsoft Security | https://t.co/HWozKuixTi | Tweets are my own | 🇦🇺
LuemmelSec @theluemmel
8K Followers 594 Following I speak BloodHound. Husband, Father, IT-Guy, Security-Noob Blog: https://t.co/PXB35KEqs6 GitHub: https://t.co/Unp9jZOpBn
Fabian Bader @fabian_bader
10K Followers 890 Following #Security #Azure #AAD #MDE #M365 #AD #PKI #XDR #EntraID Microsoft MVP Tweets and opinions are my own @[email protected]
rcegan @rcegann
652 Followers 766 Following senior security engineer/threat detection lead @ mssp. Hack the planet.
Antisyphon Training @Antisy_Training
6K Followers 419 Following Antisyphon Training is here to disrupt the traditional training industry by providing high-quality and affordable education to everyone.
Elad Shamir @elad_shamir
5K Followers 27 Following
Dr. Nestori Syynimaa @DrAzureAD
21K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
TROOPERS Conference @WEareTROOPERS
10K Followers 493 Following We are TROOPERS - IT-Security Conference & Trainings https://t.co/gO1lSzFuns Also at the infosec exchange @WEareTROOPERS
Br3akp0int @tccontre18
2K Followers 952 Following tweets are my own😉 Threat Researcher - interested in: (R.E, Red/Blue/Purple Team, DFIR, ML, Kernel, Exploit Dev) - https://t.co/qJyB5lIuHj
The DFIR Report @TheDFIRReport
68K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion
Kostas @Kostastsale
20K Followers 386 Following I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦
Microsoft 365 Status @MSFT365Status
307K Followers 4 Following The official @Microsoft account for updates on certain @Microsoft365 service incidents. Get push notifications on our admin app: https://t.co/pGaOsdAblF.
Max_Malyutin @Max_Mal_
13K Followers 305 Following Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering. “⚔️What do we say to God of malware, Not today⚔️”
Zach @svch0st
4K Followers 1K Following Everything DFIR @TheDFIRReport | @CuratedIntel | @XintraOrg https://t.co/ggakuKBS0S
Mehmet Ergene @Cyb3rMonk
14K Followers 454 Following Learn Threat Hunting, Detection Engineering, DFIR, and KQL https://t.co/uAlYlXIXot @BluRavenSec Microsoft Security MVP #ThreatHunting #DataScience
alex lanstein @alex_lanstein
3K Followers 3K Following threaty threats @ StrikeReady -- helping build research workflows into the product. pretty good at bash scripts and strings. disclosures on my linkedin below
Charlie Bromberg « ... @_nwodtuhs
16K Followers 663 Following Trying to hack the way we hack things 🏴☠️
Adrien B @Int2e_
2K Followers 97 Following Malware research and threat intel ex #DFIR responder at @Mandiant
Gigs @ Shmoo @Gigs_Security
2K Followers 715 Following not aspiring to be humble▪️ #AdvancedPractices🦅 ▪️Thoughts are my own ▪️She|Her|Gigs
Scoubi @ScoubiMtl
3K Followers 259 Following All Things BloodHound | InfoSec, Threat Hunting, Detection Engineering, DFIR and some personal stuff.
mpgn @mpgn_x64
18K Followers 236 Following Freebooter of the net ̿ ̿̿'̿'\̵͇̿̿\=(•̪●)=/̵͇̿̿/'̿̿ ̿ ̿ ̿ Podcast Hack'n Speak @hacknspeak / https://t.co/GyACSFg9mw
Microsoft Power Autom... @MSPowerAutomate
70K Followers 7 Following Find the latest news and updates from the Power Platform community at @MSPowerPlat. #PowerPlatform
Panos Gkatziroulis ... @ipurple
27K Followers 826 Following Red/Purple Teamer | Blogger | Ex-Director @pentestlabltd | Mod @ https://t.co/1nzjl9KpSH | https://t.co/mIM1GA1mN4
Jonny Johnson @JonnyJohnson_
9K Followers 446 Following Windows Internals & Telemetry Research @ThePayloadPod Blog: https://t.co/MnE9BCsSnA Github: https://t.co/v7hSLq6Edz
Mauricio Velazco @mvelazco
5K Followers 2K Following Security Research @Microsoft || Purple Team || Noob
Andrew Rathbun @bunsofwrath12
3K Followers 731 Following Husband, Father, #DFIR @ Unit 42, Digital Forensics Discord Admin, AboutDFIR Contributor, Author, #USMC Veteran, Former LE, NHL Fan, Dark Mode, Animals, Music
Alyssa (she/her) @ramen0x3f
3K Followers 566 Following @ramen0x3f.bsky.social Senior Threat Researcher and Pun Aficionado @Microsoft Former research+red team+hand drawn memes @Mandiant
Krelkci @Krelkci
905 Followers 965 Following @BHInfoSecurity @DefensiveOGs @WWHackinFest @Antisy_Training Security Analyst and Researcher; Educator; SysAdmin; Strategic Security; #PurpleTeam
jordan drysdale @Rev10D
653 Followers 500 Following
CyberDefenders®™ @CyberDefenders
22K Followers 3 Following CyberDefenders™ is a training platform for #SOC analysts to learn, validate & advance #BlueTeam/#DFIR skills. Join community @https://cyberdefenders.org/discord
Joe Słowik 🌻 @jfslowik
28K Followers 1K Following CTI, OT/ICS, DE&TH, and related infosec content. Oh, and memes. And shitposting. Lots of shitposting.
Ashley - Serious Secu... @Infosec_Taylor
40K Followers 2K Following I made a Mastodon account! @[email protected]
Ryan K @meansec
7K Followers 1K Following A cyber hobo. Cycling the earth. Enjoys clicking too fast, long walks in the woods, & advocating. Hates printers. Co-Creator of the BOTS CTF, founder of SURGe
Dave Herrald @daveherrald
2K Followers 1K Following security AI leader | Databricks | Google | Splunk | former CISO | GIAC GSE #79
Adam Chester 🏴... @_xpn_
39K Followers 545 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
Bad Packets by Okta @bad_packets
51K Followers 2 Following We provide cyber #threatintel on emerging threats, DDoS botnets, and network abuse.