23 hours ago | 6 min | SUM UAL - Investigating Server Access with User Access Logging | Learn what the SUM UAL database is and how it can help make or break DFIR analysis.
Apr 27 | 5 min | Linux Forensics - Collecting a Triage Image Using The UAC Tool | Learn how to take a triage image of a *nix-based system using the UAC tool.
Mar 11 | 5 min | Evidence of Program Existence - Amcache | Learn the mystery of the Amcache artifact and how to use it in your DFIR cases.
Jan 21 | 4 min | Evidence of Program Existence - Shimcache | Learn what Shimcache is, how to analyze it, and why it's misunderstood.