Just got an email for a “Cyber Easter” sale. Can we please stop making everything Cyber?
Yes I wrote CyberPipe and host Cyber Unpacked… but still…
| Link | URL |
|---|---|
| Blog | https://bakerstreetforensics.com/blog |
| GitHub | https://github.com/dwmetz |
| GitHub.io | https://dwmetz.github.io |
| LinkedIn | https://linkedIn.com/in/dwmetz |
| MalChela | https://github.com/dwmetz/MalChela |
| MalChela Docs | https://dwmetz.github.io/MalChela/ |
A Study in DFIR: Open-Source, Enterprise, and the Art of Analysis
Someone asked me recently how I see DFIR evolving: tooling, automation, and open-source versus enterprise platforms. It's the kind of question that sounds like a conference panel topic, but the answer is grounded in how work actually gets done. In practice, it isn't a binary choice. The most effective IR practitioners I've worked with use a combination of both commercial and open-source tools, depending on the problem in front of them.
New YouTube video series covering the free open-source YARA and malware analysis toolkit, MalChela. Covers installation, initial static analysis, YARA rule creation, REMnux integration and more.
http://bakerstreetforensics.com/2026/03/11/the-game-is-afoot-introducing-the-malchela-video-series/
MalChela Meets AI: Three Paths to Smarter Malware Analysis
In a previous post I wrote about integrating MalChela with OpenCode on REMnux and giving the AI a quick briefing on the tool suite so it could incorporate them into its analysis workflow. That was a promising proof of concept, but it raised a natural follow-up question: how do you make these integrations more robust, reproducible, and persistent? Since that post, I've been experimenting with three different approaches to bringing MalChela into AI-assisted workflows, each suited to a different environment and use case.
Streamline Malware Hash Search with FOSSOR
We've all encountered this scenario: you're reading a threat report from CISA or Microsoft and come across hashes related to a malware infection. You start copying these hashes and head to one of your favorite virus repositories to check if there's a source available for download so you can analyze the malware yourself. Unfortunately, you don't find a match. So, you move on to another site and repeat the process.
http://bakerstreetforensics.com/2026/02/10/streamline-malware-hash-search-with-fossor/
Enhancing Malware Analysis with REMnux and AI
Those familiar with my work know that I'm a big fan of the REMnux Linux distribution for malware analysis. When I developed MalChela, I included a custom configuration that can be invoked that not only includes the MalChela tool suite but also integrates many of the CLI tools installed in REMnux, providing an easy-to-use GUI. Recently, a new REMnux release was published, based on Ubuntu 24.04.
http://bakerstreetforensics.com/2026/02/09/enhancing-malware-analysis-with-remnux-and-ai/
Wrapping up 2025 with the year in code, including the evolution of MalChela for malware analysis, streamlined CyberPipe tools, and the introduction of Toby, a portable forensics platform. The focus was on creating practical solutions for #DFIR professionals and students for triage and #MalwareAnalysis.
CyberPipe-Timeliner was developed to integrate Magnet Response collections with ForensicTimeliner. This tool automates the workflow of EZTools, and transforms collection data into a unified forensic timeline. #DFIR
CyberPipe v5.3: Enhanced PowerShell Compatibility and Reliability
I'm pleased to announce the release of CyberPipe v5.3, bringing critical compatibility improvements for Windows PowerShell 5.1 and enhanced reliability across all PowerShell environments.
The Problem
After releasing v5.2 with the new unified banner design, several users reported an interesting issue: CyberPipe would execute perfectly in PowerShell Core, but in Windows PowerShell 5.1, the script would complete the Magnet Response collection successfully, then immediately fail with an exit code error and stop before running EDD and BitLocker key recovery.