The Big Data Blog


SentinelOne Vigilance MDR: How It’s Quietly Changing the Way SOCs Work
If you’ve been following my work for a while, you already know this — I’ve written an entire series on SentinelOne. (If you haven’t read it yet, I’ll drop the link below — go check it out.) https://www.cyberengage.org/courses-1/mastering-sentinelone%3A-a-comprehensive-guide-to-deep-visibility%2C-threat-hunting%2C-and-advanced-querying%22 Recently, I also wrote about Dropzone AI and how AI is changing SOC capabilities, and yes, potentially even affecting SOC jobs. https://www.
Jan 14 · 5 min read


Case Studies: Building Effective Timelines with Plaso (Log2Timeline)
By now, if you’ve followed the previous articles in this series, you should be very comfortable with:
- Creating timelines using Plaso / Log2Timeline
- Running Plaso on Windows and Ubuntu
- Creating timelines for Linux systems
- Understanding how timelines help reconstruct attacker activity
If you haven’t read those yet, you can find them here: Creating a Timeline for Linux with fls, mactime, and Plaso (Log2Timeline) https://www.cyberengage.org/post/creating-a-timeline-for-linux-tria
Jan 7 · 3 min read


Moving Forward with Memory Analysis: From Volatility to MemProcFS : Part 3
Last article on memory analysis using MemProcFS. Cached Files in MemProcFS: the Windows operating system caches a large number of files in memory. This includes:
- Frequently used system artifacts such as registry hives, Prefetch files, and the $MFT
- Memory-mapped files like executables and DLLs
- Recently accessed user files such as Word documents, PDFs, and log files
- Files opened from removable media (USB) or even encrypted containers
All of these cached items are tracked in memor
Jan 2 · 3 min read


Moving Forward with Memory Analysis: From Volatility to MemProcFS : Part 2
One of the most exciting upgrades to MemProcFS is the native integration of YARA signature scanning. By combining the power of YARA-based detection with deep memory inspection, MemProcFS makes it surprisingly easy to detect even highly stealthy malware variants. When enabled, YARA hits are surfaced at the very top of the FindEvil output, which is exactly where they belong—since these detections often act as the starting point for deeper analysis. Expanded Coverage: Processes
Dec 31, 2025 · 6 min read


Moving Forward with Memory Analysis: From Volatility to MemProcFS Part 1
If you’ve been following my Memory Analysis series, you may remember that I previously covered the initial investigation steps in detail in the article: “Step-by-Step Guide to Uncovering Threats with Volatility: A Beginner’s Memory Forensics Walkthrough” https://www.cyberengage.org/post/step-by-step-guide-to-uncovering-threats-with-volatility-a-beginner-s-memory-forensics-walkthrough Volatility is one of my favorite memory forensics tools. I genuinely love working with it—it
Dec 29, 2025 · 6 min read