SOC & DFIR
Workflows and tooling for security analysts — phishing triage, forensics, and the small conversion and inspection tasks that come up in every investigation.
Articles
- Open Outlook .msg Files on Linux — convert
.msgexports to.emlwith msgconvert and inspect headers and body in any editor - SPF Record Explained — what
spf=passreally validates, readingReceived-SPF, and checking any SPF record withdig - DKIM Signature Check — decode every
DKIM-Signature:tag and look up the public key viaselector._domainkey.domain - DMARC Alignment Explained — how alignment ties SPF and DKIM to the visible
From:, and whatp=none/quarantine/rejectmean - Create MD5 and SHA256 File Hashes — evidence-integrity hashing on Windows, macOS, and Linux, with verification steps