DFIR Resources

Looking to keep a ‘live’ list of resources that I can refer back to when I have time to do some research. If anyone has any recommendations, please let me know.

EQL Threat Hunting by Joshua Wright

The Event Query Language (EQL) is a standardized query language (similar to SQL) to evaluate Windows events. Written by Ross Wolf, EQL is an amazing tool to normalize Windows log events for consistent access and query.

In practice, EQL is most effective when working with Windows Event Log and Sysmon logging data as part of your threat hunting tactics. In this article I’ll demonstrate some ways to get started with EQL to assess the tactics of an attacker from a compromised system.


Defcon DFIR CTF 2018 Open to the Public by David Cowen

Taken from the page: This year at Defcon we made things interesting with a challenge that involves making your way through 3 images to answer questions and solve a case. Now that Defcon is over and the winners awarded it’s your turn to give the challenge a try.



DFIR Review responds to the need for a focal point for up-to-date community-reviewed applied research and testing in digital forensics and incident response. DFIR Review concentrates on targeted studies of specific devices, digital traces, analysis methods, and criminal activity


Honeynet Project Challenges

The Honeynet Project goal is to improve the security of the Internet by sharing lessons learned about the most common threats. We deploy honeynets all around the world, capture attacks in the wild, analyze this information and share our findings. Based on this information, the security community can better understand the threats they face and how to defend against them.


SANS Digital Forensics & Incident Response Challenge

Digital forensic professionals routinely have to deal with advanced threats such as the APT and organized crime. Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases.


This Week In 4n6 Forensics Blog

Your weekly roundup of Digital Forensics and Incident Response news


Computer Forensic Reference Data Sets (CFReDS) Project

NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets (CFReDS) provide to an investigator documented sets of simulated digital evidence for examination. 


Forensic Focus

For EDiscovery and Forensics Professionals


NIST List of Forensic Tools

The primary goal of the Tool Catalog is to provide an easily searchable catalog of forensic tools and techniques. This enables practitioners to find tools and techniques that meet their specific technical needs. The Catalog provides the ability to search by technical parameters based on specific digital forensics functions, such as disk imaging or deleted file recovery. Note: information is provided by the developer. Any mention of commercial or non-commercial products is for information only and does not imply that a product has been tested.


Leave a Reply

Your email address will not be published. Required fields are marked *