The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts

Table of Contents
Authors
	Andrew Rathbun
	ApexPredator
	Barry Grundy
	Guus Beckers
	Jason Wilkins
	John Haynes
	Kevin Pagano
	Nisarg Suthar
	s3raph
	Tristram
Contributors
Chapter 0 - Introduction
	Purpose of This Book
	Community Participation
	Final Thoughts
Chapter 1 - History of the Digital Forensics Discord Server
	Introduction
	Beginnings in IRC
	Move to Discord
	Mobile Forensics Discord Server  Digital Forensics Discord Server
	Member Growth
	Hosting the 2020 Magnet Virtual Summit
	Community Engagement Within the Server
	Impact on the DFIR community
	Law Enforcement Personnel
	Forensic 4:cast Awards
	Future
	Conclusion
Chapter 2 - Basic Malware Analysis
	Introduction
	Basic Malware Analysis Tools
	Basic Malware Analysis Walkthrough
	Analysis Wrap-Up
	Conclusion
Chapter 3 - Password Cracking for Beginners
	Disclaimer & Overview
	Password Hashes
	Useful Software Tools
	Hash Extraction Techniques
	Hash Identification
	Attacking the Hash
	Wordlists
	Installing Hashcat
	``Brute-Forcing\'\' with Hashcat
	Hashcat\'s Potfile
	Dictionary (Wordlist) Attack with Hashcat
	Dictionary + Rules with Hashcat
	Robust Encryption Methods
	Complex Password Testing with Hashcat
	Searching a Dictionary for a Password
	Generating Custom Wordlists
	Paring Down Custom Wordlists
	Additional Resources and Advanced Techniques
	Conclusion
	References
Chapter 4 - Large Scale Android Application Analysis
	Overview:
	Introduction:
	Part 1 - Automated Analysis
	Part 2 - Manual Analysis
	Problem of Scale:
	Part 3 - Using Autopsy, Jadx, and Python to Scrap and Parse Android Applications at Scale
Chapter 5 - De-Obfuscating PowerShell Payloads
	Introduction
	What Are We Dealing With?
	Stigma of Obfuscation
	Word of Caution
	Base64 Encoded Commands
	Base64 Inline Expressions
	GZip Compression
	Invoke Operator
	String Reversing
	Replace Chaining
	ASCII Translation
	Wrapping Up
Chapter 6 - Gamification of DFIR: Playing CTFs
	What is a CTF?
	Why am I qualified to talk about CTFs?
	Types of CTFs
	Evidence Aplenty
	Who\'s Hosting?
	Why Play a CTF?
	Toss a Coin in the Tip Jar
	Takeaways
Chapter 7 - The Law Enforcement Digital Forensics Laboratory
	Setting Up and Getting Started
	Executive Cooperation
	Physical Requirements
	Selecting Tools
	Certification and Training
	Accreditation
Chapter 8 - Artifacts as Evidence
	Forensic Science
	Types of Artifacts
	What is Parsing?
	Artifact-Evidence Relation
	Examples
	References
Chapter 9 - Forensic imaging in a nutshell
	What is a disk image?
	Creating a disk image
	Memory forensics
	Next Steps and Conclusion
Chapter 10 - Linux and Digital Forensics
	What is Linux?
	Why Linux for Digital Forensics
	Choosing Linux
	Learning Linux Forensics
	Linux Forensics in Action
	Closing
Errata
	Reporting Errata