River City Digital Forensics logo
River City Digital Forensics

DFIR Tools · Research · Blog
Blog

Research, workflow writeups, and DFIR methodology

This layout is designed to help you publish technical content that supports your tools and builds authority over time.

Interactive Sign-In Analyzer screenshot
May 2026 

OAuth Abuse in Practice   

A practical look at how OAuth abuse occurs, why it can be difficult to detect, and which authentication, audit, and activity logs matter during investigation. 

Interactive Sign-In Analyzer screenshot
April 2026

Interactive Sign-In Logs - One of the most important artifiacts in modern DFIR

A practical look at why interactive sign-in logs matter, what they represent, and how authentication telemetry helps investigators reconstruct modern cloud and identity-based attacks.

Interactive Sign-In Analyzer screenshot
March 2026

DFIR Isn’t “Just Logs” - It’s Forensic Reconstruction at Scale

A perspective on why DFIR is not simply “looking at logs,” but reconstructing adversary behavior through distributed forensic telemetry, identity evidence, and investigative context.

Content

Soon.. 

  • Why Microsoft 365 sign-in logs matter in BEC/ATO cases
  • How to interpret high-value sign-in artifacts
  • Release note articles for each major tool update
  • Lessons learned from building investigator-focused DFIR interfaces
INFO

Soon

Coming soon