Hal Pomeranz1d ago

jq is super useful, once somebody explains the basics to you. Here I am explaining the basics in a way that's applicable for all you DFIR types.

https://righteousit.com/2026/04/06/jq-for-forensics/

#JSON #DFIR #Linux

jq For Forensics

jq is a great tool for parsing JSON data. But DFIR professionals often apply jq differently from the typical examples you see written for developers.

Righteous IT
Show threadNullstring 🏴‍☠️1d ago
@hal_pomeranz jq is my boyfriend
Show threadHal Pomeranz1d ago
@0x00string jq is in my "parsing hall of fame" along with awk and tshark.
Show threadMattias Wadman15h ago
@hal_pomeranz @0x00string tried fq? i know some ppl have used it for forensic related things
Show threadviq10h ago
@wader @hal_pomeranz @0x00string could I ask for a link? I'm failing to find it.
Edit: "fq jq" finds https://github.com/wader/fq
Show threadNullstring 🏴‍☠️
@wader @hal_pomeranz @viq this a good thread
2:03pmWeb