dreaiith/0xForensiq

GitHub: dreaiith/0xForensiq

Stars: 0 | Forks: 0

A personal knowledge base covering CTF forensics, digital forensics, and blue teaming. Built for continuous learning and revision toward mastery.

##### Maintained by Dreaith | Started June 01, 2026

#### Current Focus

1. SOC THM-1
2. ZDTH
3. 30 Days Checklist to Forensics

Start date: June 01 || Target to Finish in 2 Weeks

### What This Repo Covers

**CTF**: challenge writeups, solve scripts, flags, and patterns learned from competition forensics.

**Forensics**: the core knowledge base. Artifact analysis, methodology, tools, and checklists covering disk, memory, network, steganography, and metadata.

**Blue Team**: real-world application. Incident response workflows, log analysis, SOC concepts, detection notes, and DFIR methodology outside of CTF context.

Forensics is the foundation. CTF sharpens the speed and technique. Blue team applies it to real scenarios.

### Structure

```
dfir-vault/
├── README.md
├── METHODOLOGY.md
├── PROGRESS.md
├── forensics/
│   ├── methodology.md
│   ├── tools.md
│   ├── resources.md
│   ├── notes/
│   │   ├── disk.md
│   │   ├── memory.md
│   │   ├── network.md
│   │   ├── file-carving.md
│   │   ├── steganography.md
│   │   └── metadata.md
│   └── checklists/
│       ├── disk-checklist.md
│       ├── memory-checklist.md
│       └── pcap-checklist.md
├── blueteam/
│   ├── methodology.md
│   ├── notes/
│   │   ├── log-analysis.md
│   │   ├── incident-response.md
│   │   ├── threat-hunting.md
│   │   ├── soc-workflows.md
│   │   └── detection-notes.md
│   ├── playbooks/
│   │   ├── phishing.md
│   │   ├── ransomware.md
│   │   └── lateral-movement.md
│   └── resources.md
├── writeups/
│   ├── _template.md
│   └── YYYY/
│       └── CTF-NAME/
│           └── challenge-name/
│               ├── README.md
│               ├── solve.py
│               └── files/
├── templates/
│   ├── writeup.md
│   └── forensics-checklist.md
└── tools/
    ├── README.md
    ├── setup.sh
    ├── custom/
    └── configs/
```

## Writeup Format

```markdown
# Challenge Name

**CTF:** | **Points:** | **Date:**

## Description

## Initial Recon

## Approach

## Solution

## Commands / Script

## Flag

`CTF{...}`

## Lessons Learned
```
## Toolkit

| Area | Tools |
|---|---|
| Disk and File System | Autopsy, FTK Imager, sleuthkit, extundelete |
| Memory | Volatility3, strings, bulk_extractor |
| Network / PCAP | Wireshark, tshark, NetworkMiner, tcpdump |
| File Carving | binwalk, foremost, scalpel, photorec |
| Steganography | steghide, stegsolve, zsteg, stegseek |
| Metadata | exiftool, mediainfo, mat2 |
| Log Analysis | Splunk, ELK Stack, chainsaw, hayabusa |
| General | file, strings, xxd, hexdump, 010 Editor |

## Sources and Websites

| Resource | URL |
|---|---|
| CTFtime | https://ctftime.org |
| PicoCTF | https://picoctf.org |
| HackTheBox | https://hackthebox.com |
| TryHackMe | https://tryhackme.com |
| CyberDefenders | https://cyberdefenders.org |
| Blue Team Labs Online | https://blueteamlabs.online |
| LetsDefend | https://letsdefend.io |
| DFIR.training | https://dfir.training |
| AboutDFIR | https://aboutdfir.com |
| Forensics Wiki | https://forensics.wiki |
| CTF101 Forensics | https://ctf101.org/forensics/overview |
| HackTricks | https://book.hacktricks.xyz |
| Volatility Docs | https://volatility3.readthedocs.io |
| 13Cubed (YouTube) | https://youtube.com/@13Cubed |
| Eric Zimmerman Tools | https://ericzimmerman.github.io |
| MITRE ATT&CK | https://attack.mitre.org |

## Revision Workflow

| Trigger | Action |
|---|---|
| After every CTF | Add writeup, update PROGRESS.md |
| After a new technique | Update the relevant notes file |
| After a failed challenge | Write a partial writeup |
| Weekly | Review weak areas, set next goals |
| Monthly | Refactor methodology, consolidate notes |