
Key Topics

Welcome to our curated collection of keynotes. Dive into a condensed version of our blog's essential topics, offering quick insights and crucial information. Explore these succinct summaries for a rapid grasp of our core content, designed to keep you informed and up to date.


Security Intelligence Cycle

Safeguarding Digital Fortresses: During my pursuit of the CYSA (Cybersecurity Analyst) certification, I gained insights into the pivotal role played by the Security Intelligence Cycle.

--------------------------------------------------------

Security Intelligence Cycle: Safeguarding Digital Fortresses:- Click Me

--------------------------------------------------------


Exploring Credential Theft Techniques and Defenses

An exploration of credential theft, covering various attack vectors and, more importantly, effective defense strategies.

------------------------------------------------------------

Hashes : Click Me

LSA Secrets : Click Me

Tokens : Click Me

Tickets : Click Me

Cached : Click Me

NTDS.DIT : Click Me

------------------------------------------------------------


Understanding Lateral Movement

Lateral movement is a sophisticated technique employed by attackers to navigate networks, evade detection, and gain access to valuable information.

--------------------------------------------------------

Understanding Lateral Movement in Cyber Attacks: Click Me

--------------------------------------------------------


Understanding Pass the Hash and Golden Ticket

Malicious actors are constantly evolving their tactics to breach systems and gain unauthorized access.

----------------------------------------------------------------------------------------

Pass the Hash Attacks and Mitigation :- Click Me

Threat of Golden Ticket Attacks :- Click Me

----------------------------------------------------------------------------------------


Incident Response Framework

With a clear framework in place, organizations can efficiently respond to incidents, minimize potential damages, and swiftly restore normalcy.

---------------------------------------------------------------------------------------

Overview :- Click Me

Preparation Phase :- Click Me

Detection Phase :- Click Me

Containment Phase :- Click Me

Eradication Phase :- Click Me

Recovery Phase :- Click Me

Post-Incident Phase :- Click Me

Checklist / Cheat Sheet :- Click Me

---------------------------------------------------------------------------------------


Understanding WMI: Detection, Defense and Hunting

WMI has evolved to become a double-edged sword, with both defenders and attackers leveraging its capabilities.

-----------------------------------------------------------

A Dive into its Capabilities and Stealthy Persistence Techniques : Click Me

Detecting WMI-Based Attacks : Click Me

Understanding Event Consumers : Click Me

The Intricacies of MOF Files : Click Me

#PRAGMA AUTORECOVER : Click Me

Hunting Malicious WMI Activity : Click Me

-----------------------------------------------------------


Exploring Different Persistence Mechanisms

Persistence is the ability of malicious actors or malware to maintain a presence on a system, network, or application over an extended period, often to achieve unauthorized access or perform malicious activities.

---------------------------------------------------------

The Labyrinth of Autorun: Click me 

A Dive into Scheduled Tasks: Click me 

Windows Services  : Click me  

DLL Persistence Attacks: Click me

----------------------------------------------------------


KAPE Tool

KAPE, crafted by Eric Zimmerman, stands as a powerful, free, and versatile triage collection and post-processing tool designed to streamline forensic data gathering. (My professional use)

----------------------------------------------------------

Glimpses of Brilliance: Click me             

KAPE: A Detailed Exploration: Click me    

--------------------------------------------------------  


Artifacts for Windows

Important artifacts to capture in case of incident handling, image creation, digital forensics, or threat hunting.

Overview of the differences between various forensic artifacts : Click Me

Windows Prefetch :- Blog Link Click Me

Directory Analysis :- Tool Link Click Me

-----------------------------------------------------------

Hibernation Files :- Blog Link Click Me

-----------------------------------------------------------

Shell Bags :- Blog Link Click Me

SBECmd.exe :- Tool Link Click Me

-----------------------------------------------------------

Lnk Files :- Blog Link Click Me

LECmd.exe :- Tool Link Click Me

-----------------------------------------------------------

Artifacts File Opening/Creation P1 : Click Me

Artifacts File Opening/Creation P2 : Click Me

-----------------------------------------------------------

Artifacts File Download P1 : Click Me

Artifacts File Download P2 : Click Me

-----------------------------------------------------------

Artifacts for USB or Drive Usage P1 : Click Me

Artifacts for USB or Drive Usage P2 : Click Me

-----------------------------------------------------------

Shimcache :- Blog Link Click Me

Amcache.hve :- Tool Link Click Me

-----------------------------------------------------------

Jump List Files :- Blog Link Click Me

JLECmd.exe :- Tool Link Click Me

-----------------------------------------------------------

Recycle Bin :- Blog Link Click Me

Forensic :- Tool Link Click Me

-----------------------------------------------------------

Artifacts Program Execution P1 :- Click Me

Artifacts Program Execution P2 :- Click Me

-----------------------------------------------------------

Artifacts Deleted File Knowledge P1 : Click Me

Artifacts Deleted File Knowledge P2 : Click Me

-----------------------------------------------------------

Artifacts for Account Usage : Click Me

-----------------------------------------------------------

Artifacts for Physical Location : Click Me

-----------------------------------------------------------


Timeline Analysis and creation

Timeline analysis in digital forensics is the process of examining chronological data to reconstruct events that occurred on a computer or digital device.

----------------------------------------------------------------------------------------

Timeline Analysis in Digital Forensics : Click Me

NTFS Timestamps (Timeline Analysis) : Click Me

NTFS Timestamps: With Example : Click Me

Importance of Timestamps in Timeline Analysis during Forensic Investigations : Click Me

A Deep Dive into Plaso/Log2Timeline Forensic Tools : Click Me

Analysis of a Timeline Created using Plaso (Log2timeline) : Click Me

----------------------------------------------------------------------------------------


Understanding NTFS

NTFS, short for New Technology File System, stands as a cornerstone of modern file management on Windows operating systems.

---------------------------------------------------------------------------------------

NTFS: Versatility of NTFS: A Comprehensive Overview : Click Me

NTFS: Understanding Metadata Structures ($MFT) and Types of System Files : Click Me

NTFS: Understanding Metadata Entries : Click Me

NTFS: Metadata with The Sleuth Kit (istat) : Click Me

Anti-Forensics: Timestomping : Click Me

---------------------------------------------------------------------------------------


Understanding the Registry and Registry Forensics

The Windows registry is a crucial database storing system, software, hardware, and user configuration data.

----------------------------------------------------------------------------------------

Understanding Registry : Click Me

Understanding Registry Hive Transaction Logs : Click Me

Understanding Important Registries : Click Me

Part 1 - Registries related to System Configuration : Click Me

Part 2 - Registries related to System Configuration : Click Me

Part 3 - Registries related to System Configuration : Click Me

Part 4 - Registries related to System Configuration : Click Me

Part 1: Registry: Insights into User Activity : Click Me

Part 2: Registry: Insights into User Activity : Click Me

Program Execution: UserAssist Registry Key || Shimcache/Amcache || BAM/DAM : Click Me

----------------------------------------------------------------------------------------


NTFS Journaling in Digital Forensics (Different Artifacts like $I30, $MFT, $LogFile, $UsnJrnl)

NTFS, the file system used by Windows operating systems, offers powerful journaling features that provide critical functionality to both the operating system and digital forensic investigations.

---------------------------------------------------------------------------------------

NTFS Journaling in Forensics: $LogFile, $UsnJrnl : Click Me

$LogFile, $UsnJrnl :- Parsing of $J || $LogFile using MFTECmd.exe : Click Me

$LogFile, $UsnJrnl :- Analyzing of $J || $LogFile using Timeline Explorer : Click Me

NTFS Common Activity Patterns in the Journals $LogFile, $UsnJrnl : Click Me

Collecting, Parsing, Analyzing the $MFT : Click Me

Understanding, Collecting, Parsing the $I30 : Click Me

Overview of NTFS File System : Click Me

---------------------------------------------------------------------------------------


Important Concepts

----------------------------------------------------------------------------------------

Extracting/Examining VSS Copies for Forensics : Click Me

Techniques for Data Recovery and Analysis : Click Me

File Origins: The Role of Alternate Data Streams (ADS)/(Zone.Identifier) in Forensic Investigations : Click Me

(SSDs): Acquisition, Analysis, and Best Practices : Click Me

----------------------------------------------------------------------------------------


Email Analysis/Forensics In Depth

Email forensics is indeed a powerful tool in the realm of digital investigations.

---------------------------------------------------------------------------------------

Understanding Email Forensics : Click Me

Analyzing Email Structures and Forensic Challenges : Click Me

Understanding Email Headers in Digital Forensics : Click Me

Deep Dive into Additional Email Header Fields : Click Me

Detailed Explanation of SPF, DKIM, DMARC : Click Me

Understanding Host-Based Email in Digital Forensics : Click Me

Exploring PST and OST File Viewers : Click Me

Outlook Attachment Recovery : Click Me

Email Clients, Corrupted Email Archives : Click Me

Demystifying Email Encryption and Forensic Analysis : Click Me

Email Storage: Server vs. Workstation : Click Me

"Recoverable Items" Folder in Microsoft Exchange : Click Me

Email Evidence from Network-Based Servers : Click Me

Email Data Extraction from Exchange Servers : Click Me

Compliance Search in Microsoft Exchange : Click Me

Power of Content Search in Office 365 : Click Me

Complexities of Webmail Forensics : Click Me

Mobile Email and SMS/MMS Forensics : Click Me

---------------------------------------------------------------------------------------

Get In Touch

Email:- akashpatel1786@gmail.com

Phone no:- +918360114439

Social Networking

  • Facebook
  • Instagram
  • LinkedIn