

The Big Data Blog


Understanding Google Workspace Structure from a Cloud Forensics Lens
In this new series, we'll be diving deep into investigation and forensics within Google Workspace (the Google ecosystem). So tighten your seatbelt—let's go! When diving into cloud forensics—especially in Google Workspace—there's a lot more to unravel than just user credentials or login timestamps. One of the most overlooked but crucial areas is how permissions are managed within the environment. Let's break down two key building blocks of Google Workspace that matter a lot
Jan 30, 4 min read


Let’s Go Practical: Working with NetFlow Using nfdump Tools
Enough theory. Now let's actually touch NetFlow data. If you're doing DFIR, threat hunting, or even basic network investigations, one toolkit you must be comfortable with is the nfdump suite. This suite gives you three extremely important tools:
nfcapd – the collector
nfpcapd – the pcap-to-NetFlow converter
nfdump – the analysis engine
nfcapd: The NetFlow Collector (W
Jan 21, 6 min read


Where NetFlow Either Shines or Struggles
Let's talk about where NetFlow either becomes incredibly powerful… or painfully slow. Most NetFlow analysis is done in a GUI: browser-based or thin clients that are basically a browser wrapped with authentication, branding, and access control. Nothing wrong with that — in fact, it makes a lot of sense. In most deployments, the GUI or console is hosted close to the storage layer or on the same system entirely. That design choice is intentional. When analysts start querying mo
Jan 19, 3 min read


NetFlow: Something I Seriously Underestimated (Until I Didn’t)
I'll be honest. For a long time, I never really gave NetFlow the priority it deserves. PCAP was always the gold standard in my head. If you want to know what really happened on the network, you go straight to packet capture. End of story. But after reading more, testing more, and actually thinking about scale, cost, and real-world SOC/DFIR constraints, my opinion changed. Today, I want to talk about why NetFlow matters, when it actually makes your job easier, and why full
Jan 19, 7 min read


SentinelOne Vigilance MDR: How It’s Quietly Changing the Way SOCs Work
If you've been following my work for a while, you already know this — I've written an entire series on SentinelOne. (If you haven't read it yet, I'll drop the link below — go check it out.) https://www.cyberengage.org/courses-1/mastering-sentinelone%3A-a-comprehensive-guide-to-deep-visibility%2C-threat-hunting%2C-and-advanced-querying%22 Recently, I also wrote about Dropzone AI and how AI is changing SOC capabilities, and yes, potentially even affecting SOC jobs. https://www.
Jan 14, 5 min read