Connecting Splunk with LLM
Why Use LLMs for DFIR in Splunk? As DFIR professionals, we deal with massive volumes of logs—security events, network traffic, endpoint...
A curated collection of insights, techniques, and discoveries from real-world digital forensics investigations and incident response cases.
During DFIR investigations, especially in NGINX environments, we’re often handed a messy...
🔍 THOR Drive Scanner – Fast Forensic Scans with One Click. Need to...
📁 DFIR Case Manager – Simple Case Workflow in a Click. Managing forensic...
As a digital forensics and incident response (DFIR) professional, I'm always looking...
Digital Forensics and Incident Response (DFIR) professionals know that speed and efficiency...
When we work with a large amount of logs, sometimes millions or...
The following is a step-by-step guide on setting up a DFIR ELK...
Step 1 – Create Bash Script: touch logontracer_run.sh; chmod +x logontracer_run.sh; nano...
DFIR Vault is a personal blog dedicated to sharing insights, techniques, and discoveries from real-world digital forensics investigations and incident response engagements.
My name is Jacob Wilson, and with over a decade of experience in the cybersecurity field, I’ve encountered countless unique challenges during investigations. This repository serves as both a personal knowledge base for myself and also a resource for the wider DFIR community.
“Digital forensics is not just about finding evidence; it’s about reconstructing the narrative of what actually happened.”