Search Results
Blog Posts (271)
Other Pages (26)
271 results found for "forensic"
- Tracking Kerberos & NTLM Authentication Failures and Investigation
Now, from a forensic point of view — here’s what we care about 👇 Event ID Location Meaning 4776 On the
- SentinelOne(P5- Incidents): A Practical Guide/An Practical Training
This is the go-to place for SOC analysts , alert monitoring teams , and even DFIR (Digital Forensics
- Final Phase of a Ransomware Attack: Impact and Recovery Challenges
From a forensic perspective, the Overwrite/Rename method might leave evidence in the $UsnJrnl or $LogFile
- Tracking Lateral Movement: PowerShell Remoting, WMIC, Explicit Credentials, NTLM Relay Attacks, Credential Theft and Reuse (Event IDs)
Memory forensics for hidden or injected processes.
- Master Wireshark tool Like a Pro: – The Ultimate Packet Analysis Guide for Real-World Analysts
So, if you’re diving into packet analysis or network forensics, you will spend a LOT of time inside Wireshark
- Azure(Tenant Logs) : A Guide for IR
However, the Azure portal limits logs to the last 30 days , making it unsuitable for long-term forensic
- Fileless Malware || LOLBAS || LOLBAS Hunting Using Prefetch, Event Logs, and Sysmon
attacks often exists in various forms across the disk and system memory, making it crucial for Digital Forensics