I investigate alerts, analyze memory/disk/network artifacts, and turn evidence into timelines and detections.
Tools: Volatility • FTK Imager • Zeek • RITA/AC-Hunter • Splunk
Focus: Memory & disk forensics • Network forensics • Threat hunting • MITRE ATT&CK mapping
- DFIR-Labs → cases, IOCs, ATT&CK, and operational detections (Splunk/Sigma)
  https://github.com/LuCamachoJr/DFIR-Labs
- Latest case: Windows Memory Forensics — Suspicious PowerShell Beaconing
  PDF + notes: DFIR-Labs/cases/2025-08-22-WinMem-PowerShell-Beaconing/
- 🧠 ForenSynth AI — DFIR Report Engine
  Python tool that ingests Chainsaw/Sigma JSON detections and generates executive-ready DFIR reports (Markdown + HTML) with:
  - Two-pass LLM summarization (micro-clusters → final narrative)
  - Visuals (MITRE-mapped donuts + detection heatmap)
  - Evidence appendix (CSV + JSON) and OpenAI usage breakdown
  Repo: https://github.com/LuCamachoJr/ForenSynth-AI
  Live sample report: https://lucamachojr.github.io/dfir-journey/forensynth/2025-11-02-polish-run/
- Splunk searches: DFIR-Labs/detections/splunk/
- Sigma rules: DFIR-Labs/detections/sigma/
LinkedIn: https://www.linkedin.com/in/lcamachojr/


