This week I talk about different ways to approach windows process triage. There are so many processes, especially in enterprise environments, having a standard approach that is fast and effective is key for security incident response.
This week Jason Roslewicz from SUMURI shares his insights about the impact of artificial intelligence and provides advice for navigating through changing times.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover malware on Linux file systems for new examiners.
This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover the Linux file system for new examiners.
This week I breakdown the elements within a standard CVSS report for fast triage application.
This week I talk about how to triage Windows events for network connection activity.
This week I talk about how to approach investigations involving remote desktop connections.
This week I talk about Windows core processes from a DFIR point of view.
This week I talk about Powershell attack IOCs.
This week I talk about how to triage Windows events for network connection activity.
This week is my annual career assessment review - or, my guidelines of how to evaluate your past performance and your future goals.
This week I talk about how to triage Windows events for network listening activity.
This week I talk about an approach for reviewing Windows event logs.
This week I talk about an approach for reviewing CMD syntax for findings.
This week I talk about essential network basics necessary for triage.
This week I talk about Webshell forensics.
This week I talk about Webshell forensics.
This week I talk about Windows startup locations.
This week I talk about Windows Prefetch forensics.
This week I talk about fileless attacks Linux systems.
This week I talk about how to find evidence of malicious autoruns in the windows registry using Windows event codes.
This week I talk about strategies to determine root cause early during an investigation.