This week Jason Roslewicz from SUMURI shares his insights about the impact of artificial intelligence and provides advice for navigating through changing times.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover malware on Linux file systems for new examiners.
This week is a guide to understanding SVCHOST from a DFIR point of view. It is one of the most abused Windows processes, and having a firm working knowledge for investigations is essential.
This week is a Windows artifact breakdown on a common source of evidence.
This week I cover the Linux file system for new examiners.
This week I break down the elements within a standard CVSS report for fast triage application.
This week I talk about how to triage Windows events for network connection activity.
This week I talk about how to approach investigations involving remote desktop connections.
This week I talk about Windows core processes from a DFIR point of view.
This week I talk about PowerShell attack IOCs.
This week I talk about how to triage Windows events for network connection activity.
This week is my annual career assessment review, or my guidelines for how to evaluate your past performance and your future goals.
This week I talk about how to triage Windows events for network listening activity.
This week I talk about an approach for reviewing Windows event logs.
This week I talk about an approach for reviewing CMD syntax for findings.
This week I talk about essential network basics necessary for triage.
This week I talk about Webshell forensics.
This week I talk about Webshell forensics.
This week I talk about Windows startup locations.
This week I talk about Windows Prefetch forensics.
This week I talk about fileless attacks on Linux systems.
This week I talk about how to find evidence of malicious autoruns in the Windows registry using Windows event codes.
This week I talk about strategies to determine root cause early during an investigation.
This week is a breakdown of HTTP log forensic triage.