DFIR Resources

Tools, cheat sheets and materials for digital forensics and incident response professionals

Cheat Sheets

Quick guides for reference in investigations and incident response

Volatile Memory Acquisition

Step-by-step guide for RAM collection on different operating systems, including recommended commands and tools.

Windows Artifacts Analysis

Quick reference for locating and analyzing main forensic artifacts in Windows systems, including registry, logs and system files.

Incident Response - First Steps

Checklist for the first 24 hours after detecting a security incident, with priority actions and important considerations.

Mobile Device Forensics

Reference guide for data acquisition and analysis on iOS and Android smartphones, including file structure and important artifacts.

Tools

Recommended tools for digital investigation and incident response

Data Acquisition

  • FTK Imager - Tool for creating forensic images of disks and volumes
  • Belkasoft RAM Capturer - Utility for RAM memory capture
  • dd / dcfldd - Command line utilities for image creation
  • Cellebrite UFED - Solution for mobile device data extraction

Forensic Analysis

  • Autopsy / Sleuth Kit - Open source digital forensic analysis platform
  • X-Ways Forensics - Advanced software for forensic analysis
  • Volatility - Framework for volatile memory analysis
  • Bulk Extractor - Tool for extracting information from digital evidence

Incident Response

  • KAPE - Kroll Artifact Parser and Extractor
  • Velociraptor - Incident response and data collection tool
  • Redline - Free tool for memory analysis and IOC identification
  • Sysmon - System monitor for Windows with advanced logging

Malware Analysis

  • Cuckoo Sandbox - Automated malware analysis system
  • IDA Pro - Disassembler and debugger for code analysis
  • Ghidra - NSA's open source reverse engineering tool
  • VirusTotal - Online service for suspicious file analysis

Reference Materials

Books, articles and recommended resources for further study

Recommended Books

  • Practical Malware Analysis - Michael Sikorski & Andrew Honig
  • Digital Forensics and Incident Response - Gerard Johansen
  • The Art of Memory Forensics - Michael Hale Ligh et al.
  • File System Forensic Analysis - Brian Carrier
  • Cyber Risk – National and Corporate Strategies on Cybersecurity Risks - Various authors

Contribute to the Portal

Share your knowledge with the community

DFIR is a collaborative portal maintained by the community. If you have DFIR expertise and would like to contribute articles, tools or resources, contact us.