Utilizing QELP for Rapid ESXi Analysis
Learn how to use the QELP tool to quickly triage ESXi servers. Parse through the relevant logs quickly in order to investigate malicious activity.
6 days ago · 6 min read


Linux Forensics - Collecting a Triage Image Using The UAC Tool
Learn how to take a triage image of a *nix based system using the UAC tool.
Apr 27, 2024 · 7 min read


Evidence of Program Existence - Shimcache
Learn what Shimcache is, how to analyze it, and why it's misunderstood.
Jan 21, 2024 · 4 min read


Sysmon: When Visibility is Key
Learn why visibility is everything when responding to an incident.
Aug 18, 2023 · 5 min read


A LNK To The Past: Utilizing LNK Files For Your Investigations
We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...
Aug 12, 2023 · 5 min read