Apr 275 minLinux Forensics - Collecting a Triage Image Using The UAC ToolLearn how to take a triage image of a *nix based system using the UAC tool.
Jan 214 minEvidence of Program Existence - ShimcacheLearn what Shimcache is, how to analyze it, and why it's misunderstood.
Aug 18, 20235 minSysmon: When Visibility is KeyLearn why visibility is everything when responding to an incident.
Aug 12, 20235 minA LNK To The Past: Utilizing LNK Files For Your InvestigationsWe've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...