Super timeline initial triage with Jupyter and Pandas

While Pandas may not care much about time, incident responders should. Timeline creation and analysis are the core activities of many deep-dive digital forensics investigations. Run log2timeline/plaso on logs and other common evidence data and you'll get a CSV file of parsed events together with their associated timestamps. This makes it possible to correlate

Analyzing binaries in place with Velociraptor and CAPA

Velociraptor aims to provide the "last step" in the process of digital forensic investigations, security monitoring and threat hunting. CAPA detects capabilities in executable files: you run it against a PE file or shellcode and it tells you what it thinks the program can do. For example, it might suggest that the file is a