https://bsky.app/profile/carrier4n6.bsky.socialhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lwtsvhonlk2d#DFIR Automation Series I use 4 levels of automation ranging from none to fully automated. I think an ideal solution is to use full automation for low risk decisions. And recommendations for higher risk. We use recommendations in Cyber Triage by scoring each artifact. You ultimately decide.20 Aug 2025 16:10 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lwtsvhonlk2dhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lwc53yrr7227I'm super excited for this webinar. Sid is a super smart AI / LLM guy and it will be a good session to learn how to use AI in #DFIR and what's hype. We'll also show Cyber Triage hooked up to an LLM so that you can query artifacts. [contains quote post or other embedded content]13 Aug 2025 15:25 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lwc53yrr7227https://bsky.app/profile/carrier4n6.bsky.social/post/3lwc4o3jsms27Digital forensics has always relied on automation and "push buttons". What's changed is how many things we automate and the technologies used. No one ever chose to manually parse FAT12 floppy drives with a hex editor when they could have a tool list out the file names.13 Aug 2025 15:17 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lwc4o3jsms27https://bsky.app/profile/carrier4n6.bsky.social/post/3lvnzmkk6fk2uAdding automation to your #DFIR investigations means you have less decisions to make. Get rid of the tedious work! Focus on the fun stuff! Here are my three thoughts on the most effective ways to add automation and which tools do them. What are yours? https://www.cybertriage.com/blog/3-ways-to-make-digital-investigations-faster-with-automation/05 Aug 2025 15:29 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lvnzmkk6fk2uhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lolqtqv25s2bWebinar Tomorrow - Automation and AI in DFIR and the SOC. Myself, Sentinel1, and CompassMSP will talk about pros/cons of automating DFIR and SOC tasks. Come tell us we're wrong! May 8. 11AM Eastern. https://register.gotowebinar.com/register/6725661396735089756?source=BC07 May 2025 15:51 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lolqtqv25s2bhttps://bsky.app/profile/carrier4n6.bsky.social/post/3loj4f5b2pk2nNew Cyber Triage release with: * New UIs to give you an overview of the endpoint * Hyabusa integration * Baseline * Public key encryption on collector * LOTS more.... Blog and Download Link: https://www.cybertriage.com/blog/3-14-release-brings-new-uis-hayabusa-baselining-and-much-more/06 May 2025 14:39 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3loj4f5b2pk2nhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lo4mtedgg22bEDR Evasion 101 - Blocking Data needs to get to the EDR server to be analyzed for attacks. Blocking techniques prevent data from getting to the server. Example: Network filter to block packets destined to the server. www.cybertriage.com/edr_evasion01 May 2025 15:29 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lo4mtedgg22bhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lmx433cx522xEDR Evasion 101 Types of Evasion Tactics 1) Blinding - prevent agent from seeing 2) Blocking - prevent data from analysis 3) Hiding - prevent detections https://www.cybertriage.com/blog/how-edr-evasion-works-attacker-tactics/16 Apr 2025 17:20 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lmx433cx522xhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lmx3wzw6as2xWebinar Tomorrow @ 11AM Endpoint Triage from 4 experts (I get to moderate) - Harlan Carvey (Huntress) - Kai Thomsen (Dragos) - Quinnlan Varcoe (Blueberry Security) - Mike Wilkinson (Sleuth Kit Labs) Each presents their top 3! Hope to see you there: https://register.gotowebinar.com/register/60043055197794569316 Apr 2025 17:18 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lmx3wzw6as2xhttps://bsky.app/profile/carrier4n6.bsky.social/post/3llrasdpwcs2mLearn from 4 IR experts on how they do Endpoint Triage. Apr 17. I'll MC and you'll hear from @keydet89.bsky.social (Huntress), Kai Thomsen (Dragos), @dfirmike.bsky.social (Sleuth Kit Labs) and Quinnlan Varcoe (Blueberry Security). See you there! https://register.gotowebinar.com/register/600430551977945693?source=BS01 Apr 2025 16:04 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3llrasdpwcs2mhttps://bsky.app/profile/carrier4n6.bsky.social/post/3llc25zkeh22kEDRs miss activity! 😲😱. You should not miss webinar tmrw! 😀 Markus and I will talk about why EDR alerts could be days after an attack started. We'll talk about how to do endpoint triage to see what else happened beyond the alert! Mar 27 @ 11 Eastern https://register.gotowebinar.com/register/916920174374853743326 Mar 2025 14:55 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3llc25zkeh22khttps://bsky.app/profile/carrier4n6.bsky.social/post/3lkvdilagqs2kFor those in the #SOC: Alert Triage vs Endpoint Triage Blog post that is part of our Endpoint Triage series. Alert triage focuses on validating and prioritizing the EDR/SIEM alert. Endpoint triage focuses on prioritizing the host. How bad is it? https://www.cybertriage.com/blog/alert-triage-vs-endpoint-triage/21 Mar 2025 13:38 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lkvdilagqs2khttps://bsky.app/profile/carrier4n6.bsky.social/post/3lk4w7yvmgk2eNew Autopsy release is out! 🎉 It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates. Now Cyber Triage and Autopsy can be used on the same case at the same time! https://www.autopsy.com/autopsy-4-22-0-bitlocker-support-cyber-triage-sidecar-library-updates/11 Mar 2025 20:36 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lk4w7yvmgk2ehttps://bsky.app/profile/carrier4n6.bsky.social/post/3liz6mg26vk2oI'm doing a webinar TMRW on investigation tools for endpoint triage. Basic idea is how to get quick and accurate results after an alert. EDR data plays a role in that, but it's not enough. Endpoint Triage should be in any security team's process. https://attendee.gotowebinar.com/register/281552387805466969?source=Brian+BS https://attendee.gotowebinar.com/register/281552387805466969?source=Brian+LI25 Feb 2025 15:30 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3liz6mg26vk2ohttps://bsky.app/profile/carrier4n6.bsky.social/post/3lhvzqsdcbc2q3 places to automate #DFIR Endpoint Triage. Which do you do?11 Feb 2025 16:00 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lhvzqsdcbc2qhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lheztxtmsk2zThe 3 themes we focus on for #DFIR endpoint triage. What are yours?04 Feb 2025 21:47 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lheztxtmsk2zhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lhc7g4cdg22303 Feb 2025 18:48 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lhc7g4cdg223https://bsky.app/profile/carrier4n6.bsky.social/post/3lh277b7rhs2v31 Jan 2025 14:23 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lh277b7rhs2vhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lgv6jqe2us2hEndpoint triage allows you to prioritize your response after an EDR alert. Webinar: Tomorrow at 11 - Vendor Agnostic https://register.gotowebinar.com/register/1427199522892126556?source=BC29 Jan 2025 14:28 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lgv6jqe2us2hhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lgstyhudus2qEndpoint Triage: What you do after you validate the EDR alert to understand the impact. #DFIR Webinar Thu @ 11. https://register.gotowebinar.com/register/1427199522892126556?source=BC28 Jan 2025 16:14 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lgstyhudus2qhttps://bsky.app/profile/carrier4n6.bsky.social/post/3lgqhs7poc22qWe're using the term "Information Artifacts" for high-level #DFIR concepts like "Processes" and "Inbound Logins". I think they are easier to train than low-level Prefetch, UserAssist etc. (i.e. Data Artifacts). Those map to an Info Artifact (Prefetch -> Process). https://www.cybertriage.com/blog/information-artifacts-simplify-dfir-analysis/27 Jan 2025 17:30 +0000at://did:plc:i56ryptuywjrwthm3h4d7dpb/app.bsky.feed.post/3lgqhs7poc22q