DFIRVault

Digital Forensics Investigation Repository

A curated collection of insights, techniques, and discoveries from real-world digital forensics investigations and incident response cases.

Latest Post

  • By Jacob Wilson
  • Aug 19, 2025

Dynamic Malware Analysis on an ELK Stack

Recently I began setting up a home lab with an Elasticsearch server and a separate VM running Windows. On the...

Featured Articles

Deep dives into digital forensics techniques and incident response methodologies

  • By Jacob Wilson
  • Sep 24, 2025

CrowdStrike Investigator

I’ve just released a new tool: CrowdStrike AID Timeliner. This script helps investigators...

  • By Jacob Wilson
  • Aug 27, 2025

SFTP Monitor Tool

In digital forensics and incident response (DFIR), one recurring pain point I’ve...

  • By Jacob Wilson
  • Aug 20, 2025

Hayabusa Scanner Menu

Streamlining Windows Event Log Analysis with My Hayabusa Scanner Menu Tool. For many...

  • By Jacob Wilson
  • Aug 19, 2025

Dynamic Malware Analysis on an ELK Stack

Recently I began setting up a home lab with an Elasticsearch server...

  • By Jacob Wilson
  • Aug 19, 2025

Automating Windows Event Log Analysis with Chainsaw Event Log Scanner

As a cybersecurity enthusiast, I’m always exploring ways to streamline digital forensics...

  • By Jacob Wilson
  • Aug 4, 2025

Splunk DFIR Case Manager

Why I Built This Tool. As a cybersecurity professional, I frequently work with Splunk for...

  • By Jacob Wilson
  • Aug 4, 2025

CSV Splitter

When working in digital forensics or threat intelligence, CSVs from SIEM tools,...

  • By Jacob Wilson
  • Jun 24, 2025

NGINX log parser

During DFIR investigations, especially in NGINX environments, we’re often handed a messy...

  • By Jacob Wilson
  • Jun 23, 2025

Connecting Splunk with LLM

Why Use LLMs for DFIR in Splunk? As DFIR professionals, we deal with...

  • By Jacob Wilson
  • Jun 22, 2025

DFIR THOR Drive Scanner – Fast Forensic Scans with One Click

🔍 THOR Drive Scanner – Fast Forensic Scans with One Click. Need to...

  • By Jacob Wilson
  • Jun 21, 2025

DFIR Case Manager

📁 DFIR Case Manager – Simple Case Workflow in a Click. Managing forensic...

  • By Jacob Wilson
  • Jun 13, 2025

SpiderFoot Windows Quick Launcher

As a digital forensics and incident response (DFIR) professional, I'm always looking...

  • By Jacob Wilson
  • Jun 12, 2025

Splunk DFIR Dashboard Collection

Digital Forensics and Incident Response (DFIR) professionals know that speed and efficiency...

  • By Jacob Wilson
  • May 22, 2025

AI-Assisted Hunting: Ollama Meets ELK

When we work with a large amount of logs, sometimes millions or...

  • By Jacob Wilson
  • May 21, 2025

ForensIQ

Introducing ForensIQ: AI-Powered Elasticsearch Log Analysis for Cybersecurity Investigations. The Challenge of...

  • By Jacob Wilson
  • May 21, 2025

CSV2ELK

Why I Built This. As a DFIR professional, I constantly deal with: CSV exports from...

  • By Jacob Wilson
  • Apr 7, 2025

Setting up logontracer daemon

Step 1 – Create Bash Script: touch logontracer_run.sh; chmod +x logontracer_run.sh; nano...

About DFIR Vault

DFIR Vault is a personal blog dedicated to sharing insights, techniques, and discoveries from real-world digital forensics investigations and incident response engagements.

My name is Jacob Wilson, and with over a decade of experience in the cybersecurity field, I’ve encountered countless unique challenges during investigations. This repository serves as both a personal knowledge base for myself and also a resource for the wider DFIR community.


“Digital forensics is not just about finding evidence; it’s about reconstructing the narrative of what actually happened.”