NobisD
Welcome to nobisd.fr. NobisD is a technical blog about DFIR and incident response: starting from traces, rebuilding timelines, testing hypotheses and documenting what still holds up.
The posts mostly deal with network investigations, PCAP analysis with Zeek, Windows/Linux forensics and Active Directory. I also use reproducible cybersecurity labs to test tools, replay attacks, validate detection ideas and prepare threat hunting work.
The goal is practical: show commands, logs, reasoning, useful pivots, and sometimes the dead ends.
Who am I?
I’m Théophane Dumas. I work in cybersecurity, with a strong interest in DFIR, network forensics, Active Directory and lab environments.
I write to share concrete analysis: hypotheses, pivots, tools, blind spots, and notes that may be useful later.
Why DFIR?
Digital Forensics and Incident Response is what lets us understand fast enough to act in time. When an incident starts, you need to know what is affected, how the attacker got in, where they moved, and what must be contained first.
We analyze, correlate, reconstruct, verify and document to reduce uncertainty. Not just to write a clean report afterwards, but to help an organization make the right decisions while they still matter.