Renzon
DFIR | Co-Founder @guidemtraining | x5 SANS GIAC | Blue Team Content Dev @hackthebox_eu | Speaker @Defcon BTV, x3 BSides, @northsec_io | Member @_hackstreetboys
23 Nov
1\ #dfirtips #dfir #infosec

Windows Event Logs can be daunting, especially when there are a lot of them. No one can actually sit in front of their computer and check each of those logs one by one through a manual approach. Here are some of the newest EVTX tools that can really save our lives as IR.
2\ #Zircolite can be very useful, since you can use your favorite Sigma rules to detect bad stuff.

github.com/wagga40/Zircol…
3\ #Chainsaw is such a wonderful tool and it's SO FAST! Whatever EVTX logs you have during your engagement, you can literally get a result in a few minutes. Shoutout to @countercept for having this for free to us!

github.com/countercept/ch…
20 Nov
Dealing with a bunch of memory #forensics lately, so I'm just dumping fairly new tools that are useful to all #dfir #incidentresponse folks out there:
MemProcFS - convenient and easy to use
BulkExtractor - extracts everything into a text file so you can grep it
SuperMem - CS tool for quick triage