NobisD Logo

NobisD

Incident response, DFIR & network forensics

Latest posts

View all

eBPF rootkits & forensics: from blinding telemetry to memory detection

How an eBPF rootkit bypasses kernel lockdown to blind Linux telemetry, and a memory detection method with Volatility 3 linking processes, maps and eBPF programs.

June 14, 2026 · NobisD

DFIR & Threat Hunting: Why Graphs Change Everything

Why modelling security data as graphs improves DFIR and threat hunting, with examples based on Zeek, Neo4j, BloodHound and JACG.

May 18, 2026 · NobisD

Forensics at Scale: Using Dissect and ELK for Efficient Investigations

How to scale forensic investigations with Dissect, Logstash and ELK to extract, centralise and search artefacts across multiple machines.

April 6, 2026 · NobisD