

Let's Talk About HTTP – The Backbone of the Web (And a Goldmine for DFIR Folks)
Thanks for all the support on the...
Jun 9, 2025 · 10 min read


The Silent Journey: A Cautionary Tale in Cyber Risk
By Dean and Co-founder (keeping him hidden). Note: The following is a real-world scenario. While specific details have been redacted for...
Jun 3, 2025 · 3 min read


Where Do We Begin? A Network Forensic Investigator’s Steps
Forensic Mindset article. Let’s be honest—when you're knee-deep in a digital forensic investigation or a threat hunting session, one of...
Jun 2, 2025 · 9 min read


Master the Wireshark Tool Like a Pro – The Ultimate Packet Analysis Guide for Real-World Analysts
Thanks for stopping by! I know you’ve probably come across tons of Wireshark articles already, but trust me—this one’s different. I’ve...
May 26, 2025 · 7 min read


Forensic Analysis of SQLite Databases
SQLite databases are widely used across multiple platforms, including mobile devices, web browsers, and desktop applications. Forensic...
May 23, 2025 · 3 min read


BPF Ninja: Making Sense of Tcpdump, Wireshark, and the PCAP World
Hey folks! Today we’re diving into a topic every network forensic analyst must get familiar with: tcpdump and the power-packed world...
May 16, 2025 · 9 min read


Proxies in DFIR – Deep Dive into Squid Log & Cache Forensics with Calamaris and Extraction Techniques
I’m going to walk you through how to analyze proxy logs—what tools you can use, what patterns to look for, and where to dig deeper—but...
May 12, 2025 · 6 min read


Understanding Linux: Kernel Logs, Syslogs, Authentication Logs, and User Management
Alright, let’s break down Linux user management, authentication, and logging in a way that actually makes sense, especially if you’ve...
May 7, 2025 · 7 min read


Linux File System Analysis and Linux File Recovery: EXT2/3/4 Techniques Using Debugfs, Ext4magic & Sleuth Kit
When you're digging into Linux systems, especially during live forensics or incident response, understanding file system behavior is...
May 5, 2025 · 5 min read


Timestomping in Linux: Techniques, Detection, and Forensic Insights
Before we dive into timestomping...
May 1, 2025 · 3 min read


Understanding Linux Service Management Systems and Persistence Mechanisms in System Compromise
Before I start, I have already touched on persistence mechanisms in the article (Exploring Linux Attack Vectors: How Cybercriminals Compromise...
Apr 30, 2025 · 6 min read


Evidence Collection in Linux Forensics (Disk + Memory Acquisition)
Hey everyone! Today, we’re going to dive into a super important topic when it comes to Linux forensics — evidence collection. We’ll...
Apr 29, 2025 · 4 min read


Creating a Timeline for Linux Triage with fls, mactime, and Plaso (Log2Timeline)
Building a timeline during forensic investigations is super important — it helps you see what happened and when. Today, I’ll walk you...
Apr 28, 2025 · 4 min read


Digital Forensics (Part 2): The Importance of Rapid Triage Collection - KAPE vs FTK Imager
In the fast-evolving world of digital forensics, time is critical. Traditional methods of acquiring full disk images are becoming...
Apr 26, 2025 · 4 min read


Disk Imaging (Part 1): Memory Acquisition & Encryption Checking
Imagine you need to make a perfect copy of everything on a hard drive—not just the files you see, but also hidden system data,...
Apr 25, 2025 · 12 min read


Extracting Memory Objects with MemProcFS/Volatility3/Bstrings: A Practical Guide
I have already written an article related to...
Apr 23, 2025 · 5 min read


Understanding Userland Hooks and Rootkits in Real-World Investigations
Security improvements have made kernel rootkit techniques like (Import Address Table) IDT and SSDT hooks much harder for attackers to...
Apr 22, 2025 · 3 min read


Understanding Rootkits: The Ultimate Cybersecurity Nightmare and Direct Kernel Object Manipulation
Rootkits have been keeping cybersecurity pros up at night for years. These sneaky pieces of malware can hide deep inside a system, making...
Apr 21, 2025 · 4 min read


Intrusion Analysis and Incident Response on macOS: File Quarantine, Antivirus Mechanisms, and Memory Forensics Overview
When investigating a security incident on macOS, understanding how the system handles file quarantine, malware execution, and antivirus...
Apr 18, 2025 · 6 min read


Understanding macOS Document Versions and iCloud Storage, Syncing
macOS introduced the Versions feature in macOS 10.7 as an automatic backup system for certain document types. This allows users to...
Apr 17, 2025 · 4 min read