Free Resources
- NIST Computer Security Incident Handling Guide (SP 800-61r2)
  - https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final
- Interfacing with Law Enforcement
  - https://www.sans.org/score/law-enforcement-faq
- Incident Handling Forms
  - https://www.sans.org/score/incident-forms
- Jai Minton’s DFIR Cheat Sheet
  - https://www.jaiminton.com/cheatsheet/DFIR/#persistence-and-automatic-loadrun-reg-keys
- CISA Incident Response Series
  - https://www.youtube.com/playlist?list=PL-BF3N9rHBLJaSbTRPyWYj56f0m2uDQD7
- s0cm0nkey’s Security Reference Guide
  - https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/
Non-Free Resources
- SANS Hacker Tools, Techniques, Exploits, and Incident Handling (SEC504)
  - https://www.sans.org/course/hacker-techniques-exploits-incident-handling
- Google Rapid Response (GRR)
  - https://github.com/google/grr
- Meerkat
  - https://github.com/TonyPhipps/Meerkat
- log2timeline & Plaso
  - https://github.com/log2timeline/plaso
  - https://digital-forensics.sans.org/media/Plaso-Cheat-Sheet.pdf
  - https://plaso.readthedocs.io/en/latest/sources/user/Using-log2timeline.html
- Timesketch
  - http://timesketch.org/
  - https://github.com/google/timesketch
- Autopsy
- apfs-fuse