This week I cover my all-time favorite Windows event, security event 4688: new process creation. If you do Windows incident response or forensics, this is a must-know artifact.
This week I talk about SVCHOST; how it fits into the Windows operating system, and how to think about it from a DFIR point of view.
This week is an interview with Yugal Pathak about organizational forensic readiness.
This week I talk about the role and typical responsibilities DFIR professionals may be called upon to take to assist with a zero-day response.
This week Jason Roslewicz from SUMURI returns to talk more about AI issues.
This week I break down the Windows System Resource Usage Monitor from a DFIR point of view.
This week I cover some malware detection methods for Linux.
This week I talk about different ways to approach Windows process triage. There are so many processes, especially in enterprise environments, that having a standard approach that is fast and effective is key for security incident response.
This week Jason Roslewicz from SUMURI shares his insights about the impact of artificial intelligence and provides advice for navigating through changing times.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover malware on Linux file systems for new examiners.
This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover the Linux file system for new examiners.
This week I break down the elements within a standard CVSS report for fast triage application.
This week I talk about how to triage Windows events for network connection activity.
This week I talk about how to approach investigations involving remote desktop connections.
This week I talk about Windows core processes from a DFIR point of view.
This week I talk about PowerShell attack IOCs.
This week I talk about how to triage Windows events for network connection activity.
This week is my annual career assessment review - or, my guidelines of how to evaluate your past performance and your future goals.
This week I talk about how to triage Windows events for network listening activity.
This week I talk about an approach for reviewing Windows event logs.
This week I talk about an approach for reviewing CMD syntax for findings.
This week I talk about essential network basics necessary for triage.