Olivia
Online
Yogesh Khatri
@SwiftForensics
DFIR R&D guy
Sydney, Australia
Joined June 2011
125 Following
2.4K Followers
552 Posts
Pinned Tweet
DRIFT Linux is born🐧
A #Linux distro built for #DigitalForensics & #IncidentResponse (#DFIR): a portable lab for device and disk acquisition, Web/Cloud evidence collection, and early stages of incident analysis.
https://t.co/Uti7psO2MY
#linux #cybersecurity #forensics #cyber
Video demo of the NTUSER dot MAN trick I saw floating around before the new year -- I did not know this was a thing👀 Hat tip to DeceptIQ et al.... we showcase:
1. breaking a Windows login with an empty user profile,
2. getting initial access EZPZ with a Sliver C2 implant,
3. exporting, downloading, and hijacking an existing target user profile NTUSER.DAT or HKCU Registry hive,
4. converting hives from .reg plaintext to binary with the HiveSwarming.exe tool,
5. and establishing persistence with the new backdoored NTUSER dot MAN profile we upload!
No Registry writes, API calls or registry callbacks because it's just a single file placed on disk! Kinda neat.
This is my first recording after a month break for the holidays and it was _painful_ -- lots of fails and mistakes and it took many hours 😅
I'm experimenting with MEMES in the THUMBNAIL and SHORT video TITLES to MITIGATE against CLICKBAIT
Also experimenting with longer social text promos for video releases to add more preview details and context. I no longer have to just feed algorithms, but now LLMs, too!
Feels good to get something out the door again. I hope you take a look! YouTube link: https://t.co/z2mQ0m5rzq
Who to follow
Eric Zimmerman 
@EricRZimmerman
KAPE, EZTools, forensics, X-Ways. Certified SANS instructor. FFL
Please consider supporting me:
https://t.co/pIjxED3CMx
Mari Degrazia
@maridegrazia
Digital Forensics and Incident Response Professional, SANS Instructor, Maker and VR Gamer
Phill Moore
@phillmoore
This Week in 4n6 // ThinkDFIR
https://t.co/vLyL2sgQsy
I might not know much, but I do know how to Google
Tweets are mine
Introducing Phorion. A modern EDR platform purpose-built for macOS.
Because security teams shouldn’t have to settle for Windows-first tools. 🛡️🍎
🧵
Hi, #DFIR guys,
I am developing a new forensic tool for parsing journal data of #Linux filesystems (not systemd journal logs).
It can not only parse filesystem journals but also generate timeline events for DFIR.
This tool currently supports only EXT4, but I plan to add support for XFS as well.
Additionally, it can detect suspicious activities such as timestomping.
The tool is still incomplete, so it will take at least a few more weeks before the first release.
There seemed to be enough interest so I decided to do a write up on what I have found about OneDrive Offline Mode. Hate to burn a forensic artifact but I’m concerned about what Microsoft feels is secure. #DFIR
https://t.co/fMJhCCBWs5
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” https://t.co/I58MqTkg8n #DFIR
@gpresman @chadtilbury @antoniosanzalc Sorry about that, silly corp policy on geo blocking. Try this:
https://t.co/xqhJUR8aIb
@GalloDu link to code https://t.co/8GXpjMspCk
@GalloDu Sorry not sure why your location is blocked on corp website. Try this
https://t.co/xqhJUR8IxJ
@Songrongn @KevinPagano3 No idea, but it does sometimes. Also, forgot to mention, I wrote a Velociraptor artifact to pull this information out.
https://t.co/qSJV74Ifx3
https://t.co/GfbjlvCNkv
Windows Thumbnail caches are a mostly unused artifact. Did you know they can point to paths on external systems? (Yes path embedded in thumbcache file, not from win search db) Can be helpful when threat actors actively delete logs and other artifacts! #DFIR
@unkn0wnbit Thanks for updating mac_apt.
Hey #DFIR & #Malware community. A memory forensics case were you are required to analyze a memory dump of a Windows 10 system that has been hit with a #Ransomware. Let the games begin. Please share!
$100 bounty will be paid to whoever solves this case! https://t.co/5CCU5nDxWg
Last Seen Users on Sotwe
Tektah
Seen from United Kingdom
틱톡 TikTok Korea
Seen from Turkey
Phim Gây Việt
Seen from Vietnam
mujib
Seen from Indonesia
nalea
Seen from Turkey
24HR ANAL
Seen from Netherlands
STARGIRL 🇮🇳
Seen from India
Roxas
Seen from South Africa
Parking tepi
Seen from Malaysia
فحل يمني رومنسي
Seen from Algeria
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers