Oct 15 | 8 min | Investigating a Compromised Web Server | Learn how to investigate a compromised web server and the logs that exist to assist in your analysis.
Oct 9 | 5 min | Artifacts of Execution: Prefetch - Part One | Learn how to identify what programs were executed during an incident with the Prefetch artifact.
Oct 5 | 4 min | Windows Artifacts For Intrusion Analysis: A Treasure Trove of Evidence | During an Incident Response (IR) engagement, I'm often asked what artifacts I look at for analysis. Sure, Event Logs are fantastic, the...
Sep 22 | 8 min | Cloud Incident Response: Investigating AWS Incidents | Learn the basics of AWS investigations and the logs that exist.
Aug 18 | 5 min | Sysmon: When Visibility is Key | Learn why visibility is everything when responding to an incident.
Aug 12 | 5 min | A LNK To The Past: Utilizing LNK Files For Your Investigations | We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...