Mike Wilkinson's Avatar

Mike Wilkinson

@dfirmike

#DFIR investigator & trainer.

34
Followers 125
Following 2
Posts 03.12.2024
Joined
Posts Following

Latest posts by Mike Wilkinson @dfirmike

Post image

Learn from 4 IR experts on how they do Endpoint Triage.

Apr 17.

I'll MC and you'll hear from @keydet89.bsky.social (Huntress), Kai Thomsen (Dragos), @dfirmike.bsky.social (Sleuth Kit Labs) and Quinnlan Varcoe (Blueberry Security).

See you there!

register.gotowebinar.com/register/600...

01.04.2025 16:04 ๐Ÿ‘ 2 ๐Ÿ” 1 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Alert Triage vs Endpoint Triage: What SOCs Need to Know As we talk to corporate security teams about how they respond to incidents and EDR alerts, we find it useful to highlight the Endpoint Triage step in

For those in the #SOC: Alert Triage vs Endpoint Triage

Blog post that is part of our Endpoint Triage series.

Alert triage focuses on validating and prioritizing the EDR/SIEM alert.

Endpoint triage focuses on prioritizing the host. How bad is it?

www.cybertriage.com/blog/alert-t...

21.03.2025 13:38 ๐Ÿ‘ 4 ๐Ÿ” 4 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Autopsy - Autopsy 4.22.0: BitLocker Support, Cyber Triage Sidecar, Library Updates Autopsy 4.22.0 includes BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries.

Anyone looking for a free open source forensic tool that can mount bitlockered disk images? If so check out the new release of Autopsy. www.autopsy.com/autopsy-4-22...

12.03.2025 13:32 ๐Ÿ‘ 1 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
Information Artifacts: Simplify DFIR Analysis Do you know the differences between MUICache, ShimCache, AMCache, and PMCache without the help of Google? Did you know that one of them is made up?

We're using the term "Information Artifacts" for high-level #DFIR concepts like "Processes" and "Inbound Logins". I think they are easier to train than low-level Prefetch, UserAssist etc. (i.e. Data Artifacts). Those map to an Info Artifact (Prefetch -> Process).

www.cybertriage.com/blog/informa...

27.01.2025 17:30 ๐Ÿ‘ 4 ๐Ÿ” 1 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 0
RBTALKS5: How Pfizer uses AI to detect insider risk - Risky Business RBTALKS5: How Pfizer uses AI to detect insider risk

This is a fascinating interview from @campuscodi.risky.biz about the actual productive use of LLMs in combating insider threats. Well worth the listen for a conversation around AI without a bunch of marketing BS. risky.biz/RBTALKS5/

20.12.2024 14:09 ๐Ÿ‘ 0 ๐Ÿ” 0 ๐Ÿ’ฌ 0 ๐Ÿ“Œ 0
Preview
3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations Our holiday gift this year is some frequently requested features that came out in the 3.13 release: MemProcFS to support Windows 10 and 11 images

Cyber Triage 3.13 is the holiday gift youโ€™ve been waiting for:

Integrations that make you faster.

โ†’ MemProcFS integration
โ†’ Expanded S3 integration
โ†’ Detailed sandbox report

Complete 3.13 release notes: www.cybertriage.com/blog/release...

19.12.2024 22:56 ๐Ÿ‘ 10 ๐Ÿ” 4 ๐Ÿ’ฌ 1 ๐Ÿ“Œ 0