JQ is one of the most popular command-line utilities for extracting and processing data from JSON files.
Here is an ultimate cheatsheet to the most useful JQ functions for #osint, #dfir, and #forensics:
sans.org/posters/json-and-jq-q…
Contributors: twitter.com/SANSInstitute, twitter.com/DavidSzili
JSON and jq Quick Start Guide | SANS Cheat Sheet
This guide is a supplement to SANS FOR572: Advanced Network Forensics and Analysis. It covers the basics of JSON and some of the fundamentals of the jq utility.
www.sans.org