Skill UI

Step-by-step guide for acquiring and analyzing mobile device data with Cellebrite UFED combined with ALEAPP/iLEAPP, covering evidence collection from messages, locations, and app artifacts during security or corporate investigations.

Detect hidden payloads in images, audio, and video by combining metadata inspection, binwalk/zsteg/stegoveritas scans, steghide extraction attempts, and custom LSB analysis scripts to trace covert communication channels during digital forensics investigations.

Proactively hunt threats in Elastic Security SIEM with KQL/EQL queries, Timeline investigations, and detection rules, helping SOC teams validate ATT&CK techniques, investigate anomalies, and close coverage gaps when automated alerts miss adversaries.

Use OWASP Threat Dragon to build collaborative data flow diagrams, classify threats via STRIDE/LINDDUN, capture mitigations, and export reports for secure design reviews.

Use PhotoRec to carve deleted documents, images, videos, and database files from forensic disk images or damaged storage media when metadata is missing; the workflow covers installation, interactive scans, command-mode targeting, cataloging, and validation for evidence-focused investigations.

Use JADX along with APK inspection tools to decompile malicious Android packages, examine permissions, services, manifests, and Java/Kotlin sources, and identify data-theft, C2, overlay, or privilege abuse behaviours during mobile malware investigations.

Guides SOC Tier 1 analysts through Splunk ES Incident Review to classify alert severity, investigate notable events with SPL, correlate telemetry, and document disposition decisions before escalating or closing incidents.