Contribute to DFIR research

Want me to look at some artifacts or just want to contribute?

Drop me an email to

I can’t promise I will help you in a timely fashion, but I will try my best. I will also honor a TLP for your contributions; if you don’t specify, the default TLP is GREEN. Also, please provide some context for the data if you can. The only requirement is that the data must be from real-world incidents, honeypots or otherwise indicate attacker activity in the wild.

I am interested in all kinds of data, whatever you can share. I am specifically interested in:

  • Spear-phishing emails – send me original emails with headers, subject and attachments. Please don’t send me regular UPS spam though.
  • Logs – send me all kinds of logs, such as web server logs, proxy logs, DNS logs, Windows logs, AV and other security system logs, etc.
  • Memory dumps
  • Malware samples
  • Forensic artifacts like registry dumps, prefetch files, browser history, MFT journal, directory and process listings.
  • Network traffic
  • Disk images

Some of this data can be big, but contact me and we will figure something out.

I am also accepting other donations to support research efforts such as:

  • Servers/provisioned resources to deploy honeypots and network sensors
  • API access to various useful security services
  • Useful tools for security and data analysis