Hal Pomeranz1d ago

jq is super useful, once somebody explains the basics to you. Here I am explaining the basics in a way that's applicable for all you DFIR types.

https://righteousit.com/2026/04/06/jq-for-forensics/

#JSON #DFIR #Linux

jq For Forensics

jq is a great tool for parsing JSON data. But DFIR professionals often apply jq differently from the typical examples you see written for developers.

Righteous IT
Show threadmaaneeack
@hal_pomeranz I used jq to fix an issue at my previous job, after seeing errors about it and reinstalling jq.
1:46pmWeb
Show threadHal Pomeranz7h ago
@maaneeack That’s very meta. Well done!