Digital Forensics & Incident Response
Focused on Real Investigative Work
Independently developed DFIR tools and applied research focused on digital forensics, incident response, and investigative analysis across modern environments.
What This Site Provides
- Investigator-focused DFIR tooling
- Authentication and identity telemetry analysis
- Structured, defensible investigative outputs
- Applied research based on real-world workflows
DFIR Tools
Purpose-built tools designed to support investigative analysis across authentication, audit, and broader digital evidence sources, with consideration for compliance and enterprise requirements.
Interactive Sign-In Analyzer
Analysis of interactive authentication activity with detection of high-risk patterns and anomalies.
Non-Interactive Sign-In Analyzer
Detection and analysis of non-interactive authentication telemetry and token-based activity.
Unified Audit Log Analyzer
Analysis of audit and service activity logs to support investigative reconstruction and scoping.
Message Trace Analyzer
Analysis of message flow and delivery activity to support BEC scoping, communication review, and investigative context.
Research & Analysis
Technical write-ups focused on DFIR methodology, investigative techniques, and the analysis of modern digital evidence across cloud, endpoint, and identity environments.
Purpose
This platform is used to develop and share investigator-focused tools and applied research related to digital forensics and incident response.
The focus is on practical analysis of authentication activity, audit data, and other investigative artifacts across modern enterprise environments.
Methodology
- Structured analysis of distributed evidence sources
- Detection logic aligned to real-world attack patterns
- Preservation of investigative timelines
- Clear, defensible reporting outputs