DFIR-Chain - Integrating Memory Forensics, YARA Scanning, and LLM Summarization for Automated Triage
Abstract: Digital forensics and incident response (DFIR) must evolve to deal with increasingly complex memory-resident threats and the ever-increasing volume of volatile data. In response, DFIR-Chain ...
GW Forensic is a Google Workspace log analysis tool designed to assist analysts in investigating suspicious events/incidents within a Google Workspace instance in 3 phases: Using documentation based ...
Every alert that goes uninvestigated is a calculated risk — and teams are running out of room for error. Security operations today are stretched thin. SOCs face an ...
LevelBlue, a pure-play managed security services provider, has finalized its acquisition of cybersecurity firm Cybereason as part of efforts to expand its capabilities in extended detection and ...
Detego Global, the company behind the award-winning Unified Digital Forensics Platform, is proud to announce the launch of Detego Case Manager for DFIR, a powerful, purpose-built platform designed to ...
Currently, DFIR-IRIS case access control allows for three levels: "deny_all," "read_only," and "full_access." However, "full_access" also grants users permission to delete cases, which poses a risk in ...
The new service combines NCC Group’s Digital Forensic and Incident Response (DFIR) capabilities with Dragos’ OT expertise and intelligence. Nov. 4, 2025 – NCC Group, a people-powered, tech-enabled ...
DALLAS--(BUSINESS WIRE)--LevelBlue, the world’s largest pure-play provider of managed security services, today announced it has signed a definitive agreement to acquire Cybereason, a leading ...
Threat actors are abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in connection with ransomware attacks likely orchestrated by Storm-2603 (aka CL-CRI-1040 or ...
Storm-2603, a ransomware group active in 2025, has been found using Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in ransomware campaigns. The attacks exploited ...
Velociraptor, the open-source DFIR tool meant to hunt intruders, has itself gone rogue – being picked up by threat actors in coordinated ransomware operations. Never tied to extortion attacks before, ...