In this cheat sheet, we'll take a look at some of the key tools and techniques that can be used to perform Azure Incident Response.

Windows file system forensics is a vital aspect of digital forensics investigations, as it allows examiners to recover and analyze evidence.

The forensic value of MFT journals is that they can be used to find evidence of file creations, deletions, renames, etc.

We are going to extract this valuable information with a well-known tool made by Eric Zimmermann, and use a python-based addon I created.

The amount of information stored locally in the browser's folders is huge and can be super useful for forensic analysis.

Windows event logs provide a rich source of forensic information for threat hunting and incident response investigations.

While WMI and PowerShell can be used for attacks, they equally can be used for defense.

While Windows forensics is widely covered via several courses and articles, there are fewer resources introducing it to the Linux Forensics

The Evidence of execution might be your forensic solution.