Useful

This section collects helpful online resources drawn from blogs, repositories, tutorials, guides, papers and other research material. The entries are primarily DFIR-focused and are intended as a reference or a starting point for learning more about a particular area.

.

Awesome Forensics

https://github.com/cugu/awesome-forensics

A GitHub repository containing a wealth of information about open-source forensic analysis tools and other resources.

.

Awesome Incident Response

https://github.com/meirwah/awesome-incident-response

A GitHub repository containing a curated list of tools and resources focused on information security, Incident Response and Digital Forensics.

.

Awesome Malware Analysis

https://github.com/rshipp/awesome-malware-analysis

A GitHub repository containing a curated list of resources and tools focused on Malware Analysis.

.

Awesome PCAP tools

https://github.com/caesar0301/awesome-pcaptools

A GitHub repository containing a collection of tools used for network analysis; includes Linux commands, network traffic capture tools and more.

.

Computer Forensic Tutorials

http://www.hackingarticles.in/best-of-computer-forensics-tutorials/

A long list of digital forensic tutorials covering a wide range of topics from the usage of a particular tool, to performing forensic analysis on a platform like Kali Linux.

.

DFIR Forms, Policies and Procedures

https://www.joshmoulin.com/digital-forensics-incident-response-forms-policies-and-procedures/

A good list of policies, technical manuals, forms and templates aimed at Digital Forensic and Incident Response professionals.

.

Digital Investigation Journal

https://www.sciencedirect.com/journal/digital-investigation/issues

An archive of papers published in the Digital Investigation journal (now published as Forensic Science International: Digital Investigation), covering a wide range of digital forensics and incident response topics.

.

Forensically

https://29a.ch/photo-forensics

A very useful online photo forensics analysis tool which can perform image noise analysis, clone detection, EXIF data extraction and more.

.

Linux Kernel Exploitation

https://github.com/xairy/linux-kernel-exploitation/blob/master/README.md

A GitHub repository collecting links on Linux kernel security and exploitation: exploit write-ups for historical and current kernel bugs, exploitation techniques, mitigations and tooling.

.

Linux LEO

https://linuxleo.com/Docs/linuxintro-LEFE-4.33.pdf

A comprehensive guide (The Law Enforcement and Forensic Examiner's Introduction to Linux) to using the Linux operating system as a digital forensics platform, from basic command-line use through imaging and analysis.

.

Mac Forensics

https://github.com/pstirparo/mac4n6

A GitHub repository containing a collection of forensic artifacts commonly found on macOS and iOS devices, with their on-disk locations.

.

Malware Zoo

https://github.com/ytisf/theZoo

A GitHub repository containing a large collection of LIVE malware samples for analysis or educational purposes. The samples are real and functional, so they should only be extracted and handled inside an isolated, non-networked analysis environment.

.

Mobile Incident Response

https://github.com/nowsecure/mobile-incident-response/tree/master/en

A GitHub repository providing a very in-depth look at Incident Response for Android and iOS devices.

.

National Software Reference Library (NSRL)

https://www.nist.gov/software-quality-group/national-software-reference-library-nsrl

The official NSRL website, which publishes the Reference Data Set: large hash sets of known software files that can be used to triage a large body of evidence by eliminating known, uninteresting files so the examiner can focus on what remains (a process commonly called 'de-NISTing' or known-file filtering).
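Known-file filtering in practice is a simple membership test: hash every file, keep only those whose hash is not in the reference set. The following is an added example, not code from NIST or the NSRL; the "known" hash set is constructed inline from a few sample byte strings to keep it self-contained (a real run would load SHA-1 digests from the NSRL Reference Data Set), and the evidence tree it walks is built in a temporary directory rather than taken from a real image.

```python
"""Known-file filtering ("de-NISTing") against a SHA-1 hash set.

Added example, not part of the NSRL site or its tooling. Files whose
SHA-1 appears in the known-file set are dropped; everything else is
returned for review. KNOWN_CONTENT and the demo evidence tree are
constructed here for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha1_of_bytes(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


# Constructed stand-in for the NSRL Reference Data Set: SHA-1 digests of
# two pieces of "known OS file" content. A real set holds millions of entries.
KNOWN_CONTENT = [
    b"MZ\x90\x00 standard OS binary (constructed)",
    b"standard runtime library bytes (constructed)",
]
KNOWN_HASHES = frozenset(sha1_of_bytes(c) for c in KNOWN_CONTENT)


def sha1_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large evidence sets never have to fit in memory."""
    h = hashlib.sha1()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def denist(root: Path, known: frozenset) -> tuple[list[Path], list[Path]]:
    """Walk root and split files into (unknown, known) by SHA-1 membership.

    Matching is on content, never on filename: a file named like a known
    binary but with different bytes stays in the unknown list.
    """
    unknown, known_hits = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():  # the target is hashed under its real path
                continue
            (known_hits if sha1_file(p) in known else unknown).append(p)
    return sorted(unknown), sorted(known_hits)


def build_demo_tree() -> Path:
    """Constructed evidence tree: two known files, one unknown file, and one
    file that reuses a known filename but carries different bytes."""
    root = Path(tempfile.mkdtemp(prefix="denist_"))
    sys32 = root / "Windows" / "System32"
    sys32.mkdir(parents=True)
    (sys32 / "kernel32.dll").write_bytes(KNOWN_CONTENT[0])
    (sys32 / "msvcrt.dll").write_bytes(KNOWN_CONTENT[1])
    users = root / "Users"
    users.mkdir()
    (users / "invoice.exe").write_bytes(b"unknown dropper bytes (constructed)")
    (users / "kernel32.dll").write_bytes(b"tampered copy, same name (constructed)")
    return root


def demo() -> list[str]:
    """Return the root-relative paths that survive filtering, i.e. need review."""
    root = build_demo_tree()
    unknown, _known = denist(root, KNOWN_HASHES)
    return sorted(p.relative_to(root).as_posix() for p in unknown)


if __name__ == "__main__":
    for rel in demo():
        print("REVIEW:", rel)
```

Two of the four files are eliminated; the renamed copy under Users survives because filtering is by digest, which is exactly why hash sets rather than filename lists are used for this step.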

.

Programming Books

https://github.com/EbookFoundation/free-programming-books/blob/master/free-programming-books.md

A GitHub repository containing a very large collection of books and other resources covering a large variety of programming languages.

.

Red-Team Toolkit

https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md

A GitHub repository containing a collection of open-source and commercial tools used for red-team operations.

.

Reverse Engineering Malware

https://securedorg.github.io/

A great online resource for beginners covering the reverse engineering of malware.

.

Sandbox Cheat Sheet

http://unprotect.tdgt.org/images/2/23/Sandbox-Cheatsheet-1.1.pdf

A cheat sheet from the Unprotect project cataloguing the anti-analysis and sandbox-evasion techniques malware uses to detect or defeat sandboxed analysis environments, useful both for recognising these checks during analysis and for hardening a sandbox against them.

.

SANS Hunt Evil Poster

https://digital-forensics.sans.org/media/SANS_Poster_2018_Hunt_Evil_FINAL.pdf

An official SANS DFIR poster covering normal Windows process genealogy (expected parent processes, image paths, user accounts and start times for core system processes) alongside common artifacts of lateral movement and other evidence of compromise on Windows systems.
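The poster's "know normal, find evil" approach turns into a mechanical check once a process list is in hand: compare each core process against its expected parent and image location and flag deviations. The following is an added example, not SANS material. The expected-parent table and the System32 and svchost.exe -k checks follow the baseline the poster documents; the process list is constructed inline (a Volatility pslist/cmdline dump or a Sysmon log would be realistic sources), and the PIDs and paths in it are made up for the demonstration.

```python
"""Flag Windows processes whose lineage or image path departs from the baseline.

Added example, not SANS material. Baseline relationships follow the
SANS Hunt Evil poster; only parents that remain resident are listed,
because processes spawned by an smss.exe or userinit.exe instance that
has since exited cannot be checked this way. SAMPLE is constructed.
"""
from dataclasses import dataclass

# Expected resident parent for core processes (poster baseline).
EXPECTED_PARENT = {
    "services.exe": "wininit.exe",
    "lsass.exe": "wininit.exe",
    "svchost.exe": "services.exe",
    "taskhostw.exe": "svchost.exe",
    "runtimebroker.exe": "svchost.exe",
}
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str
    path: str
    cmdline: str


def check_process(p: Proc, by_pid: dict[int, Proc]) -> list[str]:
    """Return human-readable findings for one process (empty list = looks normal)."""
    findings = []
    name = p.name.lower()
    expected = EXPECTED_PARENT.get(name)
    if expected:
        parent = by_pid.get(p.ppid)
        actual = parent.name.lower() if parent else "<missing>"
        if actual != expected:
            findings.append(f"parent is {actual}, expected {expected}")
        # Core binaries live in System32; the same name elsewhere is masquerading.
        if not p.path.lower().startswith(SYSTEM32 + "\\"):
            findings.append(f"image path {p.path} is outside System32")
    # Legitimate svchost.exe is always started with a -k <service group> argument.
    if name == "svchost.exe" and "-k" not in p.cmdline.lower().split():
        findings.append("svchost.exe started without a -k service group")
    return findings


def hunt(procs: list[Proc]) -> dict[int, list[str]]:
    """Map PID -> findings for every process that breaks the baseline."""
    by_pid = {p.pid: p for p in procs}
    results = {}
    for p in procs:
        findings = check_process(p, by_pid)
        if findings:
            results[p.pid] = findings
    return results


# Constructed process list: a normal boot chain plus two masquerading processes.
SAMPLE = [
    Proc(4, 0, "System", "", ""),
    Proc(400, 348, "wininit.exe", r"C:\Windows\System32\wininit.exe", "wininit.exe"),
    Proc(520, 400, "services.exe", r"C:\Windows\System32\services.exe", r"C:\Windows\System32\services.exe"),
    Proc(536, 400, "lsass.exe", r"C:\Windows\System32\lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(700, 520, "svchost.exe", r"C:\Windows\System32\svchost.exe",
         r"C:\Windows\System32\svchost.exe -k netsvcs -p"),
    Proc(2200, 2100, "explorer.exe", r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    # svchost.exe launched from a user Temp directory by explorer.exe, no -k argument
    Proc(1337, 2200, "svchost.exe", r"C:\Users\bob\AppData\Local\Temp\svchost.exe", "svchost.exe"),
    # lsass.exe lookalike under C:\Windows\Temp with the wrong parent
    Proc(3100, 2200, "lsass.exe", r"C:\Windows\Temp\lsass.exe", r"C:\Windows\Temp\lsass.exe"),
]

if __name__ == "__main__":
    for pid, findings in hunt(SAMPLE).items():
        for f in findings:
            print(f"PID {pid}: {f}")
```

The genuine svchost.exe (PID 700) passes all three checks; the two lookalikes are reported with every rule they break, which is the same comparison an examiner makes by eye against the poster.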

.

SANS Reading Room

https://www.sans.org/reading-room

A collection of papers on the official SANS website covering a wide range of topics, from Digital Forensics to threat hunting.

.

Vehicle Security

https://github.com/wtsxDev/Vehicle-Security

A GitHub repository featuring a curated list of resources focused on vehicle security and car hacking.

.

Volatility Command Reference

https://github.com/volatilityfoundation/volatility/wiki/Command-Reference

The command reference on the official Volatility project wiki, listing the plugins and options available in the Volatility memory analysis framework. Note that this page documents Volatility 2; Volatility 3 uses a different plugin naming scheme (for example windows.pslist rather than pslist) and its own documentation.

.

Volatility Memory Samples

https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples

Another page from the official Volatility wiki, listing publicly available memory images from a range of operating systems and CTF challenges that can be downloaded for practising memory analysis and testing tooling.