
Search Results
302 results found for "forensic"
- Querying Like a Pro in Arkime: Getting the Most Out of Arkime Viewer: Beyond the Basics
This is where packet forensics turns visual, interactive, and actually fun. 🔓 “Unrolling” a Session
- Tracking Lateral Movement — Named Pipes, Scheduler, Services, Registry, and DCOM (Event IDs)
Luckily, Windows leaves behind rich forensic artifacts — if you know where to look. Even if the attacker deletes the task, the XML file may remain or be recovered forensically from disk
- Log Analysis – It’s Not About Knowing, It’s About Correlating
available now, like Hayabusa: https://www.cyberengage.org/post/hayabusa-a-powerful-log-analysis-tool-for-forensics-and-threat-hunting Captures client that disconnected 4801 Workstation Unlocked Often seen before Type 7 reconnects Key Forensic
- Streamlining Cloud Log Analysis with Free Tools: Microsoft-Extractor-Suite and Microsoft-Analyzer-Suite
This toolkit provides a convenient way to gather logs and other key information for forensic analysis
- Power of AWS: EC2, AMIs, and Secure Cloud Storage Solutions
SIFT AMI: One notable AMI available is the SANS Community SIFT VM, a preconfigured forensic image,
- Tracking Kerberos & NTLM Authentication Failures and Investigation
Now, from a forensic point of view, here’s what we care about 👇 Event ID Location Meaning 4776 On the
- SentinelOne(P5- Incidents): A Practical Guide/An Practical Training
This is the go-to place for SOC analysts, alert monitoring teams, and even DFIR (Digital Forensics
- Let’s Go Practical: Working with NetFlow Using nfdump Tools
.201302262305 Why this matters: files sort naturally by time, no database needed, easy scripting, easy forensic
- NetFlow: Something I Seriously Underestimated (Until I Didn’t)
Sampled NetFlow tracks every n packets. Sampled NetFlow: under-represents data volume, is not suitable for forensic
- Final Phase of a Ransomware Attack: Impact and Recovery Challenges
From a forensic perspective, the Overwrite/Rename method might leave evidence in the $UsnJrnl or $LogFile
- Tracking Lateral Movement: PowerShell Remoting, WMIC, Explicit Credentials, NTLM Relay Attacks, Credential Theft and Reuse (Event IDs)
Memory forensics for hidden or injected processes.
- Master Wireshark tool Like a Pro: – The Ultimate Packet Analysis Guide for Real-World Analysts
So, if you’re diving into packet analysis or network forensics, you will spend a LOT of time inside Wireshark