What's on My DFIR Box?

By popular request, this episode walks through the hardware and software I use on my digital forensic workstation. While this is probably most useful for people new to the DFIR field, I suspect it will still be interesting to a wide range of viewers.

📖 Chapters

00:00 - Intro
01:42 - Windows Subsystem for Linux (WSL) 2
03:18 - Windows Terminal
04:39 - Sysinternals Suite
05:31 - Microsoft PowerToys
06:20 - DCode
07:04 - FTK Imager
07:31 - PST Walker
08:53 - Arsenal Image Mounter
09:35 - Hibernation Recon
10:05 - Kroll Artifact Parser and Extractor (KAPE)
10:42 - NirSoft Tools
11:49 - X-Ways Forensics
12:19 - Eric Zimmerman Tools
14:09 - Chainsaw
14:21 - INDXRipper
14:26 - RegRipper
15:09 - balenaEtcher
15:49 - Sysinternals Suite (RDCMan)
17:12 - Visual Studio Code

#HomeLabs #Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Comments

Within our community, we're often met with smoke screens or 'it depends' answers on how to get started. A quick walkthrough of your base tooling is exceptional, and I hope this video receives multitudes of views from aspiring, junior, mid, and even senior-level DFIR folks. - Thank you for sharing with all of us!

alexismerritt

Please make a video on X-Ways using various X-Tensions for analysis.

satyammishra

I love PowerToys, particularly for FancyZones.

Lokiwho

Great video! Definitely a treasure trove of awesome tools!

Got any tools for analyzing files found in macOS and iOS such as SQLite databases and Plist files? I like DB Browser for SQLite.

CookieBrainSlug

Any hex editor that you use or recommend? Free or paid.

cozawone

Quick question! Why not Magnet AXIOM? :O

cheesee

*slaps computer case* You won't be able to afford this.

TankCatIntoMordor

Thanks for the thorough explanation!
So do you have personal information on this PC, such as logged-in sessions to your email, Microsoft account, etc.? Are you using this PC for personal use as well?
Additionally, where and how do you analyze/run malware (statically and dynamically)?
Finally, do you know how I can RDP to a malware forensics box without jeopardizing my own personal laptop?
Thanks!

avihayl

Have you tried running the 980 Pros in RAID 0? I've been really happy with that on my R9 5950X system.

TurbYoda

How about a MacBook Pro with the M1 chip, running Windows alongside as a dual boot? Would that be good enough for a DFIR box, or is a separate Windows laptop necessary?

centralcybersecurity

Interesting, so you don't run your tools in a VM?

PrinterJamOnToast

Why such a beefy GPU for a forensics box? The only thing I can think of is password cracking (a single 3090 is not ideal for this outside of some basic NTLMv1 hashing). Do you game on this device? Would you dual boot two instances of Windows 11?

Genuinely curious. I have always gone the prebuilt HP Z workstation route for the higher-core-count Xeon boxes, and then midrange GPUs (2060/3060) for some CUDA stuff that tools like Magnet AXIOM can use for image recognition or other light GPU-beneficial workloads.

jh