In this cheat sheet, we'll take a look at some of the key tools and techniques that can be used to perform Azure Incident Response.

Windows file system forensics is a vital aspect of digital forensics investigations, as it allows examiners to recover and analyze evidence.

The forensic value of MFT journals is that they can be used to find evidence of file creations, deletions, renames, etc.

We are going to extract this valuable information with a well-known tool made by Eric Zimmermann, and use a python-based addon I created.

The amount of information stored locally in the browser's folders is huge and can be super useful for forensic analysis.

Windows event logs provide a rich source of forensic information for threat hunting and incident response investigations.

While Windows forensics is widely covered via several courses and articles, there are fewer resources introducing it to the Linux Forensics

The Evidence of execution might be your forensic solution.

HackTheBox Reversing Challenges - Baby_RE, Bypass & Impossible Password.

Shadow Copies is the one thing you need to add your Forensics activity list.

RDP is that thing you want to investigate...

Registry Hives are one of the major evidence providers for us, the analysts.

One of the fewest Python based Ransomware...

Shodan is a search engine for finding devices and their types, that exist on the world wide web.