- awesome-memory-forensics
- forensics-samples
- https://www.netresec.com/?page=PcapFiles
- CERT-SE (Sweden's national CERT)
- CERT-SE technical advice on the current data-breach case (B 8322-16)
- PCAP file with PowerShell Empire (TCP 8081) and SSL-wrapped C2 (TCP 445) traffic from CERT.SE's technical write-up of the major fraud and hacking criminal case "B 8322-16". https://drive.google.com/open?id=0B7pTM0QU5apSdnF0Znp1Tko0ams
- https://www.dropbox.com/sh/4qfk1miauqbvqst/AAAVCI1G8Sc8xMoqK_TtmSbia?dl=0
- On August 9th, 2019, David Cowen (HECFBlog) announced that the 2019 Unofficial Defcon DFIR CTF, provided by Champlain College's Digital Forensic Association, was going live. The CTF comprised 5 challenge categories with a total of 82 DFIR-related challenges: a Crypto Challenge, Deadbox Forensics, Linux Forensics, Memory Forensics, and a Live VM to Triage.
- Full walkthrough (all challenges solved): https://www.jaiminton.com/Defcon/DFIR-2019/#
- Category 1: DFA Crypto Challenge ==> a cryptography (cryptanalysis) challenge
- Category 2: Deadbox Forensics ==> Windows forensics
- FTK Imager + Autopsy
- Category 3: Linux Forensics ==> image: Kali Linux ==> analyzed with FTK Imager
- Category 4: Memory Forensics ==> Triage-Memory
- Category 5: Triage VM Questions
- https://medium.com/@ozan.unal/defcon-dfir-ctf-2019-writeup-38f168eda56b
- https://blog.1234n6.com/2019/08/2019-unofficial-defcon-dfir-ctf-writeups.html
- https://www.senturean.com/posts/19_09_17_defcon_dfir_ctf/
- Triage-Memory.mem (Windows 7) write-up: https://www.petermstewart.net/defcon-2019-dfir-ctf-memory-forensics-write-up/
- https://www.ashemery.com/dfir.html
- Challenge #1: Web Server Case
- Challenge #2: User Policy Violation Case
- Challenge #3: Mystery Hacked System
- Challenge #4: Launching Attacks from Alternate Data Streams
- Challenge #5: Launching Attacks from Alternate Data Streams
- Challenge #6: Browser Policy Violation Case
- Challenge #7: SysInternals Case
- Challenge #8: NTFS File System Case
- Challenge #9: Encrypt Them All Case
- Challenge #10: Meeting Location Case
- Memory Forensics #01: RansomCare Investigation Case 1
- Linux forensics: https://linuxdfir.ashemery.com/Workshops/
- These are four different cases covering Linux forensic investigations; a brief description of each is below:
- Case 1: Compromised Web Server
- Case 2: Compromised Hadoop (HDFS) Cluster
- Case 3: Attacker's Kali Linux System
- Case 4: Investigating/Hunting Hidden Processes
- Linux Forensics Workshop @ DFRWS USA 2023