Random DFIR Noise Simulator — Building Realistic Detection Data
Purpose

During DFIR analysis, it's easy to rely on static data. To train and validate detections, I built a PowerShell-based Random DFIR Noise Simulator that produces realistic but safe Windows event activity for hunting and Sigma rule tuning.

Evolution of the Simulator

During early DFIR lab builds, I wrote a sequence of PowerShell scripts to simulate benign Windows activity and inject lightweight IOC noise into Sysmon and Security logs for Chainsaw and Sigma testing. ...
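As an added illustration of the approach described above (this is not the author's simulator code), the script below emits randomized benign process-creation events into a custom Windows event log and exports them as EVTX for offline Sigma/Chainsaw runs. It assumes an elevated session on Windows; the log name "DFIRNoiseSim", source "NoiseSim", and the process and user lists are constructed samples, and a custom log is used rather than the protected Security log.

```powershell
# Added example: benign noise generator for detection-lab telemetry.
# Assumptions (not from the original post): custom log "DFIRNoiseSim",
# source "NoiseSim", constructed process/user lists. Run elevated on Windows.

$LogName = 'DFIRNoiseSim'
$Source  = 'NoiseSim'

# Register the custom log and source once (requires administrator rights).
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# Constructed sample set of benign binaries and accounts used as noise.
$BenignProcs = @('notepad.exe', 'explorer.exe', 'svchost.exe', 'conhost.exe', 'powershell.exe')
$Users       = @('LAB\alice', 'LAB\bob', 'NT AUTHORITY\SYSTEM')

function New-NoiseEvent {
    param([int]$Count = 25, [int]$MaxDelayMs = 500)
    $rng = [System.Random]::new()
    for ($i = 0; $i -lt $Count; $i++) {
        $proc   = $BenignProcs[$rng.Next($BenignProcs.Count)]
        $user   = $Users[$rng.Next($Users.Count)]
        $procId = $rng.Next(1000, 65000)
        # Message layout mimics the Sysmon Event ID 1 (Process Create) fields
        # so field-extraction logic in a Sigma/Chainsaw pipeline gets exercised.
        $msg = @"
Process Create (simulated):
UtcTime: $((Get-Date).ToUniversalTime().ToString('o'))
ProcessId: $procId
Image: C:\Windows\System32\$proc
User: $user
"@
        Write-EventLog -LogName $LogName -Source $Source -EventId 1 `
            -EntryType Information -Message $msg
        # Random inter-event delay so timestamps do not cluster unrealistically.
        Start-Sleep -Milliseconds $rng.Next(0, $MaxDelayMs)
    }
}

New-NoiseEvent -Count 25

# Export the log to EVTX so Chainsaw (or any Sigma-capable tool) can hunt over it offline.
wevtutil epl $LogName "$env:TEMP\$LogName.evtx"
```

Because the events land in a custom channel, Sigma rules keyed on the Sysmon channel name will not match them directly; point the rule's logsource at the exported file when tuning.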