DFIR is changing fast.
How do investigators adapt their approach to stay effective?
Today, 11 AM EST, Blake Regan and Brian Carrier debate when and when *not* to use EDR in DFIR, plus provide tools + techniques to use in modern investigations.
Register: https://t.co/3UVB1gy0nd
To EDR or not EDR?
That’s the investigator’s question.
Next Thursday, Blake Regan and Brian Carrier will tackle that and other questions facing SOC and IR teams trying to adapt to emerging threats and evolving tech.
Register here: https://t.co/3UVB1gyycL
New DFIR Research:
Pulseway (RMM) Abuse ⤵
Our team recently observed a threat actor using Pulseway for remote access and gaining full control of a system.
Read @MikeWilko's research + investigation tips from the case: https://t.co/lbK16c5mV4
85% of attacks use LOTL
The Socrates of SOC investigations teaches his best approach⤵
This Thursday, Wade Wells, detection and response expert, shares:
→ War stories
→ Investigation approach
→ Top 3 tips for elite endpoint triage
Register: https://t.co/cfWvc7iTYt
Catch DFIR’s Con Artists
Thursday’s RMM masterclass:
→ Commonly abused RMM tools
→ DFIR artifacts they leave behind
→ Insights from those artifacts
→ How to investigate
With Professor Mike Wilkinson
Register: https://t.co/0IhP613O4x
Keep your eye on AnyDesk.
Learn how to investigate suspicious AnyDesk use from Chris Ray: https://t.co/JfFSUX03Qg
P.S. Share this post to help other DFIR pros!
RMMs: The Perfect Disguise.
And attackers will get away with it, unless you learn to unmask them.
Next Thursday, @MikeWilko will teach you just that.
Register: https://t.co/0IhP613O4x
Free your mind:
Automate your DFIR.
Tomorrow, join @carrier4n6 and Chris Ray as they demo the new Defender → Cyber Triage automation.
Register: https://t.co/Bh7kbSIwwV
Our 3 Best DFIR Blogs of 2025
(Ranked by views) ⤵
#1 Registry Forensics Cheat Sheet: https://t.co/N1GMTeyjXd
#2 WMI Malware Forensics Guide: https://t.co/tY5Lfm8ZhM
#3 NTUSER.DAT Forensics: https://t.co/cVl3zRfBEz
P.S. Share this post to help other DFIR pros!
New DFIR Research:
Chris Ray’s comprehensive list of LogMeIn artifacts ⤵
→ Windows events
→ Registry keys
→ Exe names
→ Domains
→ Log files
→ Folders
Right here: https://t.co/SbQtddNfPS
P.S. Share this post to help other DFIR pros!
New SOC DFIR Automation ⤵
CyberTriage 3.15 can automatically pull + analyze Defender data.
See it live with @carrier4n6 and Chris Ray on September 11.
Register: https://t.co/Bh7kbSIwwV
Learn AI basics in DFIR:
→ AI + LLMs in DFIR overview
→ When to apply AI to investigations
→ Live demo of LLM + Cyber Triage
Join experts @carrier4n6 and @sidprobstein tomorrow!
Register: https://t.co/rd91SZtJlW
Save this DFIR mini series:
Jump Lists 2025 ⤵
→ What Is a Jump List: https://t.co/QBdOOrxMp4
→ Jump List Forensics: https://t.co/KirOSHBlM3
→ Jump Lists Cache: https://t.co/xsQeWgcRII
P.S. Share this post to help other DFIR pros!
AI in DFIR has “levels”
Only one doesn’t involve the investigator:
Level 4
The ideal:
→ Full automation (level 4) for low-risk decisions.
→ Recommendation (level 3) for higher risk decisions.
Save this DFIR series:
Windows Registry Forensics 2025 ⤵
→ Registry Forensics 2025: https://t.co/s1ZAI2DcEQ
→ Forensics Cheatsheet: https://t.co/HR4S5Ie1Tz
→ Forensics Tools: https://t.co/22C2gxyA42
P.S. Share this post to help other DFIR pros!
Understand investigation automation.
@carrier4n6’s framework: https://t.co/WTtWvtEqEN
You can test all 3 automation types with Cyber Triage.
Trial copy: https://t.co/5hjLypGWyL
Philosoraptor’s easiest question yet!
And the creators, Mike Cohen and Brian Carrier, explain how this Thursday.
With this integration, Velociraptor scans thousands of endpoints, and Cyber Triage dives into ~20 where the attacker was active.
To register: https://t.co/cPtVx6cpI9