Skip to content
No results
  • Home
  • Blogs
    • Internal
      • Blog Posts
      • DFIR Jobs Updates
    • External
      • Palo Alto Networks
        • This DFIR Team Is The Place To Be!
      • Kroll
        • Sophisticated Anti-Forensic Tactics and How To Spot Them
        • Anti-Forensics: Timestomping Overview
        • Timestomping a File with NewFileTime
        • Detecting and Analzying Timestomping Using KAPE and Timeline Explorer – $MFT
        • Identifying Indicators of Timestomping with .LNK Files
  • Resources
    • CTFs & Labs
    • CTI
    • Research
    • Tools
    • Training
  • DFIR Jobs
    • DFIR Jobs Board
    • Submit a Job
  • Who We Are
    • Fabian Mendoza
    • Josibel Mendoza
DFIR Dominican
  • Home
  • Blogs
    • Internal
      • Blog Posts
      • DFIR Jobs Updates
    • External
      • Palo Alto Networks
        • This DFIR Team Is The Place To Be!
      • Kroll
        • Sophisticated Anti-Forensic Tactics and How To Spot Them
        • Anti-Forensics: Timestomping Overview
        • Timestomping a File with NewFileTime
        • Detecting and Analzying Timestomping Using KAPE and Timeline Explorer – $MFT
        • Identifying Indicators of Timestomping with .LNK Files
  • Resources
    • CTFs & Labs
    • CTI
    • Research
    • Tools
    • Training
  • DFIR Jobs
    • DFIR Jobs Board
    • Submit a Job
  • Who We Are
    • Fabian Mendoza
    • Josibel Mendoza
DFIR Dominican

How To Break Into DFIR (Part 3 of 5) – Windows Memory Forensics

Part 3 of a 5 part blog series that will help guide those looking to break into the DFIR field.

  • Fabian MendozaFabian Mendoza
  • May 16, 2025
  • dfirmemorywindows
Read MoreHow To Break Into DFIR (Part 3 of 5) – Windows Memory Forensics

How To Break Into DFIR (Part 2 of 5) – Windows Forensics

Part 2 of a 5 part blog series that will help guide those looking to break into the DFIR field.

  • Fabian MendozaFabian Mendoza
  • February 21, 2025
  • artifactsdfirgiacsanswindows
Read MoreHow To Break Into DFIR (Part 2 of 5) – Windows Forensics

The Key to Identify PsExec

Learn about new methods of identifying PsExec and the source host it was executed from.

  • Fabian MendozaFabian Mendoza
  • August 26, 2024
  • artifactsdfirpsexecwindows
Read MoreThe Key to Identify PsExec

Copyright © 2025 - DFIR Dominican