sudo-rosh/dfir-portfolio

GitHub: sudo-rosh/dfir-portfolio


# DFIR Portfolio

A 60-day intensive, practical training program in Digital Forensics and Incident Response. Every folder in this repository represents real investigative work — no theory dumps, no course certificates. Hands-on analysis, documented findings, and investigation reports.

## Focus areas

- Windows disk forensics (MFT, Prefetch, Registry, Event Logs, LNK, Shellbags)
- Memory forensics (Volatility 3 — process injection, credential dumping, C2 detection)
- Log analysis and SIEM (Splunk SPL, ELK, Sysmon, Sigma rules)
- Malware triage (static and dynamic analysis, IOC extraction, YARA rules)
- Network forensics (PCAP analysis, C2 identification, Wireshark, Zeek)
- Linux forensics and basic cloud forensics (AWS CloudTrail)
- Full incident response simulations mapped to MITRE ATT&CK

## Tools used

Eric Zimmerman Tools · Volatility 3 · FTK Imager · Splunk · Autopsy · Wireshark · PEStudio · REMnux · FlareVM · CyberChef · MITRE ATT&CK Navigator

## Progress log

| Day | Topic | Tools | Output |
|-----|-------|-------|--------|
| 01 | Lab setup · Prefetch, Registry, LNK artifact analysis · Memory acquisition | PECmd · LECmd · Registry Explorer · FTK Imager | [Day 01](./Day01/) |

## Investigation reports

*Published as investigations are completed. Each report includes: executive summary, artifact timeline, MITRE ATT&CK mapping, IOC table, and recommendations.*

| # | Case | Type | Report |
|---|------|------|--------|
| — | In progress | — | — |

## Platforms and challenge sources

CyberDefenders · Blue Team Labs Online · TryHackMe · MemLabs · Malware-Traffic-Analysis.net · Splunk BOTS

## Contact

[LinkedIn](https://www.linkedin.com/in/roshini-john) · [Email](mailto:roshini.john02@gmail.com)