

Streamlining Office/Microsoft 365 Log Acquisition: Tools, Scripts, and Best Practices
When conducting investigations, having access to Unified Audit Logs (UALs) from Microsoft 365 (M365) environments is crucial. These logs...
Oct 17, 2024 · 4 min read


M365 Logging: A Guide for Incident Responders
When it comes to Software as a Service (SaaS), defenders heavily rely on the logs and information provided by the vendor. For Microsoft...
Oct 16, 2024 · 3 min read


Microsoft Cloud Services: Focus on Microsoft 365 and Azure
Cloud Providers in Focus: Microsoft and Amazon In today’s cloud market, Microsoft and Amazon are the two biggest players, with each...
Oct 15, 2024 · 4 min read


Forensic Challenges of Cloud-Based Investigations in Large Organizations
Introduction: Cloud-Based Infrastructure and Its Forensic Challenges Large-scale investigations have a wide array of challenges. One...
Oct 14, 2024 · 5 min read


macOS Incident Response: Tactics, Log Analysis, and Forensic Tools
macOS logging is built on a foundation similar to traditional Linux/Unix systems, thanks to its BSD ancestry. While macOS generates a...
Oct 10, 2024 · 5 min read


Investigating macOS Persistence: Key Artifacts, Launch Daemons, and Forensic Strategies
Let’s explore the common file system artifacts investigators need to check during incident response (IR)...
Oct 9, 2024 · 4 min read


Evidence Profiling: Key Device Information, User Accounts, and Network Settings on macOS
Updated 24 Feb, 2024. When investigating a macOS system, understanding its device information, user accounts, and network settings is...
Oct 8, 2024 · 6 min read


APFS Disk Acquisition: From Live Data Capture to Seamless Image Mounting
Updated on 20 Feb, 2025. Understanding .plist Files (Property List Files) .plist files in macOS are like the registry in Windows. They...
Oct 7, 2024 · 9 min read


History of macOS and macOS File Structure
Updated on 23 February, 2025 Early Apple Days Apple was established on April 1, 1976, and quickly made its mark with the Lisa in the...
Oct 6, 2024 · 5 min read


Lateral Movement: User Access Logging (UAL) Artifact
Lateral movement is a crucial part of many cyberattacks, where attackers move from one system to another within a network, aiming to...
Oct 5, 2024 · 4 min read


Evidence of Execution: Program Compatibility Assistant (PCA)
Introduction The Program Compatibility Assistant (PCA) is a feature introduced in Windows 11 designed to help detect and fix...
Oct 4, 2024 · 2 min read

Identifying Legitimate vs. Suspicious Processes on Windows
When using Process Explorer on a Windows system, understanding the behavior and characteristics of legitimate processes helps identify...
Oct 3, 2024 · 2 min read

Understanding Endianness and Its Importance in Forensic Analysis
Endianness refers to the order in which bytes are arranged within larger data types, such as integers or floating-point numbers, when...
Oct 2, 2024 · 2 min read


Enhancing Linux Defenses: Key Areas for Cybersecurity Success
Securing Linux environments is a crucial task for defenders in the face of increasing cyber threats. Three primary strategies that can...
Oct 1, 2024 · 3 min read


Data Collection (Key Directories) in Digital Forensics for Linux
In digital forensics, it’s essential to follow the order of volatility to gather data effectively. The accepted standard, outlined in...
Sep 28, 2024 · 7 min read


Incident Response Log Strategy for Linux: An Essential Guide
In the field of incident response (IR), logs play a critical role in uncovering how attackers infiltrated a system, what actions they...
Sep 27, 2024 · 8 min read


Understanding Linux Timestamps and Key Directories in Forensic Investigations
When it comes to forensic investigations, Windows is often the primary focus. However, with the rise of Linux in server environments,...
Sep 26, 2024 · 5 min read


Understanding Linux Filesystems in DFIR: Challenges and Solutions
When it comes to Linux, one of the things that sets it apart from other operating systems is the sheer variety of available filesystems....
Sep 25, 2024 · 5 min read


Exploring Linux Attack Vectors: How Cybercriminals Compromise Linux Servers
Attacking Linux: Initial...
Sep 24, 2024 · 8 min read


Incident Response for Linux: Challenges and Strategies
Linux, often referred to as "just the kernel," forms the foundation for a wide range of operating systems that power much of today’s...
Sep 23, 2024 · 4 min read