May 8 · 6 min · SUM UAL - Investigating Server Access with User Access Logging
    Learn what the SUM UAL database is and how it can help make or break DFIR analysis.

Apr 27 · 5 min · Linux Forensics - Collecting a Triage Image Using The UAC Tool
    Learn how to take a triage image of a *nix based system using the UAC tool.

Apr 16 · 6 min · Respond and Investigate a Compromised Google Workspace User
    Learn how to respond to and investigate a compromised Google Workspace user.

Mar 28 · 4 min · Minimizing Malicious Script Execution
    Learn some quick wins to minimize malicious script execution.

Mar 11 · 5 min · Evidence of Program Existence - Amcache
    Demystify the Amcache artifact and learn how to use it in your DFIR cases.

Jan 21 · 4 min · Evidence of Program Existence - Shimcache
    Learn what Shimcache is, how to analyze it, and why it's misunderstood.

Oct 9, 2023 · 5 min · Artifacts of Execution: Prefetch - Part One
    Learn how to identify which programs were executed during an incident using the Prefetch artifact.

Sep 22, 2023 · 8 min · Cloud Incident Response: Investigating AWS Incidents
    Learn the basics of AWS investigations and the logs that exist.

Aug 18, 2023 · 5 min · Sysmon: When Visibility is Key
    Learn why visibility is everything when responding to an incident.

Aug 12, 2023 · 5 min · A LNK To The Past: Utilizing LNK Files For Your Investigations
    We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...