Richard Davis
@davisrichardg
Forensic Investigator @Microsoft and part-time YouTuber. Follow @13CubedDFIR for 13Cubed updates.
Georgia, USA
Joined August 2009
Lots of work went into this, but it was a labor of love. I really appreciate all the community support I've received. I hope y'all enjoy it! #DFIR #forensics
The first 13Cubed Training Course, Investigating Windows Endpoints, is now available for purchase! Check out the launch video here: https://t.co/8koDVibcan
#DFIR #forensics
Happy Halloween Week! It's time for a new 13Cubed episode. Let's look at a quick and easy way to find the Intermediate Symbol File (ISF) for your Linux memory image and speed up your analysis. https://t.co/pyflb99itM
#DFIR #Linux #MemoryForensics
Ooh that sounds interesting...
This is great, someone getting BSD working on the WSL subsystem! https://t.co/cqDOzC7lfi Heck yeah
A new 13Cubed episode is up!
Happy 9/9! It's time for a new 13Cubed episode. I'm sure you're as sick of hearing about AI as I am, but I have some thoughts... Let's talk about it. https://t.co/pV5787G36U
#DFIR
Happy Windows 95 launch day! I honestly remember it like it was yesterday... I feel old.
Investigating macOS Endpoints is up-to-date and ready! While the course focuses on the process more so than the tooling, mac_apt is a must have for macOS forensics.
mac_apt v1.26.1 is here, now supports processing Velociraptor collections and compiled versions for macOS too. Many incremental updates and new plugins (we are at 52 plugins now!). https://t.co/FB2icmZ5PZ
#DFIR #macOS
Had a great time discussing my upcoming book with @davisrichardg at @13CubedDFIR. Richard is a pleasure to talk to and a true technology wizard. Check out his trainings for macOS forensics! Books still available for pre-order at themittenmac website https://t.co/A9y7As9QK5
A new 13Cubed episode is up! In this one, I sit down with @jbradley89 to talk about his upcoming book Threat Hunting macOS -- the perfect companion to our new "Investigating macOS Endpoints" course. https://t.co/Hgr4kOiL2x
This is an excellent deal. Pairs nicely with https://t.co/5UF8OmngOC.
training.13cubed.com
Affordable, comprehensive, online, and on-demand macOS forensics training course
That $800 M4 MacBook Air on Amazon with free overnight shipping is doing work. Soaking up pent-up demand like never before. I wonder how Apple's gonna sell us on the M5 MacBook Pro models..
Happy summer! Ready for a new 13Cubed memory forensics challenge? You could win an official 13Cubed challenge coin. Check it out here! https://t.co/tpUWVBGDon
#DFIR
Pretty cool milestone
We just issued our 500th 13Cubed certification! Learn more at https://t.co/f1bp4UcBRg. All Windows, Linux, and macOS courses include certification attempts at no extra cost, allowing you to demonstrate real-world practical application of forensic investigative techniques.
Framework Desktop will make a great DF/IR lab box - nice and portable too. I preordered the 128GB model.
The new open @MistralAI model works great on a 128GB Framework Desktop. You can crank it up to the full 131k context length!
I partnered with @13CubedDFIR for another giveaway! Their Investigating macOS Endpoints course just launched, and one person from X will win the new course! Course content includes:
- Introduction to macOS
- macOS Logs
- macOS File Systems
- macOS Core Forensic Artifacts
Next Ghostty Tahoe PR, adding icons to menu items as recommended by the new design guidelines. A small detail, but all the small things to help Ghostty feel right at home in the new design language when we get there. https://t.co/Nyy69jvxL4
@DfirDiva @13CubedDFIR Very nice! 13Cubed has published a short video, taken from the course. It helps to see the quality of the material: https://t.co/ZGUfqQcWnr
Happy WWDC week!
Big news! Investigating macOS Endpoints is now live -- plus our new *NIX Bundle and XPlat Bundle Complete (all 13Cubed courses in one package). Thanks for patiently waiting! Dive in now https://t.co/ZzH333FK8E
#DFIR #macOS #Linux
It's time for a new 13Cubed episode! We'll briefly explore how process hollowing works and check out the relatively new windows.hollowprocesses plugin for Volatility 3. There are also two memory samples you can download for practice! https://t.co/i2qVZkXGGU
#DFIR
Ding dong, the 2010s called -- they want their TTPs back. Amazing how you can still completely own companies using decade-old techniques:
- PSExec for RDP prep
- Mimikatz dumped in C:\PerfLogs
- LOLbin-fueled network recon
- A scheduled task beaconing to some shady IP
It still
Happy Friday! Two quick updates: Investigating macOS Endpoints and related bundles are now open for waitlisting! https://t.co/28XAhnWq0q 13Cubed Merch Store is LIVE with fresh designs and premium shirts!