Investigating a Compromised Web Server
Learn how to investigate a compromised web server and the logs that exist to assist in your analysis.
top of page
Search
- Oct 9
- 5 min
Artifacts of Execution: Prefetch - Part One
Learn how to identify what programs were executed during an incident with the Prefetch artifact
- Oct 5
- 4 min
Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence
During an Incident Response (IR) engagement, I'm often asked what artifacts I look at for analysis. Sure, Event Logs are fantastic, the...
- Sep 22
- 8 min
Cloud Incident Response: Investigating AWS Incidents
Learn the basics of AWS investigations and the logs that exist.
- Aug 18
- 5 min
Sysmon: When Visibility is Key
Learn why visibility is everything when responding to an incident.
- Aug 12
- 5 min
A LNK To The Past: Utilizing LNK Files For Your Investigations
We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...
bottom of page