Oct 17 min readLateral Movement - Remote Desktop Protocol (RDP) Event LogsIdentify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.
May 86 min readSUM UAL - Investigating Server Access with User Access LoggingLearn what the SUM UAL database is and how it can help make or break DFIR analysis.
Apr 275 min readLinux Forensics - Collecting a Triage Image Using The UAC ToolLearn how to take a triage image of a *nix based system using the UAC tool.
Mar 115 min readEvidence of Program Existence - AmcacheLearn the mystery of the Amcache artifact and how to use it in your DFIR cases
Jan 214 min readEvidence of Program Existence - ShimcacheLearn what Shimcache is, how to analyze it, and why it's misunderstood.
Aug 18, 20235 min readSysmon: When Visibility is KeyLearn why visibility is everything when responding to an incident.
Aug 12, 20235 min readA LNK To The Past: Utilizing LNK Files For Your InvestigationsWe've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...