Forensics Posts

Windows file system forensics is a vital aspect of digital forensics investigations, as it allows examiners to recover and analyze evidence.

The forensic value of MFT journals is that they can be used to find evidence of file creations, deletions, renames, etc.

We are going to extract this valuable information with a well-known tool made by Eric Zimmermann, and use a python-based addon I created.

The amount of information stored locally in the browser's folders is huge and can be super useful for forensic analysis.

Windows event logs provide a rich source of forensic information for threat hunting and incident response investigations.

While WMI and PowerShell can be used for attacks, they equally can be used for defense.

While Windows forensics is widely covered via several courses and articles, there are fewer resources introducing it to the Linux Forensics

The Evidence of execution might be your forensic solution.

Office documents will continue to be the most common methods used by attackers to trick users and execute malicious activity.

Shadow Copies is the one thing you need to add your Forensics activity list.

RDP is that thing you want to investigate...

Registry Hives are one of the major evidence providers for us, the analysts.

BIOC or IOC? Maybe both?