Key Topics
Welcome to our curated collection of key notes. Dive into a condensed version of our blog's essential topics, offering quick insights and crucial information. Explore these succinct summaries for a rapid grasp of our core content, designed to keep you informed and up to date.
Security Intelligence Cycle
Safeguarding Digital Fortresses. During my pursuit of the CYSA (Cybersecurity Analyst) certification, I gained insights into the pivotal role played by the Security Intelligence Cycle.
--------------------------------------------------------
Security Intelligence Cycle: Safeguarding Digital Fortresses:- Click Me
--------------------------------------------------------
Exploring Credential Theft Methods and Defenses
This series examines credential theft, exploring the various attack vectors and, more importantly, the defense strategies that are effective against them.
------------------------------------------------------------
Hashes : Click Me
LSA Secrets : Click Me
Tokens : Click Me
Tickets : Click Me
Cached : Click Me
NTDS.DIT : Click Me
------------------------------------------------------------
Understanding Lateral Movement
Lateral movement is a sophisticated technique employed by attackers to navigate networks, evade detection, and gain access to valuable information.
--------------------------------------------------------
Understanding Lateral Movement in Cyber Attacks: Click Me
--------------------------------------------------------
Understanding Pass the Hash and Golden Ticket
Malicious actors are constantly evolving their tactics to breach systems and gain unauthorized access.
----------------------------------------------------------------------------------------
Pass the Hash Attacks and Mitigation :- Click me
Threat of Golden Ticket Attacks :- Click Me
----------------------------------------------------------------------------------------
Incident Response Framework
With a clear framework in place, organizations can efficiently respond to incidents, minimize potential damages, and swiftly restore normalcy.
---------------------------------------------------------------------------------------
Overview :- Click me
Preparation Phase :- Click me
Detection Phase :- Click me
Containment Phase :- Click me
Eradication Phase :- Click me
Recovery Phase :- Click me
Post-Incident Phase :- Click me
Checklist / Cheat Sheet :- Click me
---------------------------------------------------------------------------------------
Understanding WMI: Detection, Defense, and Hunting
WMI has evolved to become a double-edged sword, with both defenders and attackers leveraging its capabilities.
-----------------------------------------------------------
A Dive into Its Capabilities and Stealthy Persistence Techniques : Click me
Detecting WMI-Based Attacks : Click me
Understanding Event Consumers : Click Me
The Intricacies of MOF Files : Click Me
#PRAGMA AUTORECOVER : Click me
Hunting Malicious WMI Activity : Click Me
-----------------------------------------------------------
Exploring Different Persistence Mechanisms
Persistence is the ability of malicious actors or malware to maintain a presence on a system, network, or application over an extended period, often to retain unauthorized access or carry out further malicious activity.
---------------------------------------------------------
The Labyrinth of Autorun: Click me
A Dive into Scheduled Tasks: Click me
Windows Services : Click me
DLL Persistence Attacks: Click me
----------------------------------------------------------
KAPE Tool
KAPE, crafted by Eric Zimmerman, stands as a powerful, free, and versatile triage collection and post-processing tool designed to streamline forensic data gathering. (My Professional use)
----------------------------------------------------------
Glimpses of Brilliance: Click me
KAPE: A Detailed Exploration: Click me
--------------------------------------------------------
Artifacts for Windows
Important artifacts to capture in case of incident handling, image creation, digital forensics, or threat hunting.
Overview of the differences between various forensic artifacts : Click Me
Windows Prefetch :- Blog Link Click me
Directory Analysis :- Tool Link Click me
-----------------------------------------------------------
Hibernation Files :- Blog Link Click Me
----------------------------------------------------------
Shell Bags :- Blog Link Click Me
SBECmd.exe :- Tool Link Click Me
----------------------------------------------------------
LNK Files :- Blog Link Click Me
LECmd.exe :- Tool Link Click Me
------------------------------------------------------------
Artifacts File Opening/Creation P1 : Click Me
Artifacts File Opening/Creation P2 : Click Me
-------------------------------------------------------------
Artifacts file download P1 : Click Me
Artifacts file download P2 : Click Me
---------------------------------------------------------------
Artifacts for USB or Drive Usage P1 : Click Me
Artifacts for USB or Drive Usage P2 : Click Me
---------------------------------------------------------------
Shimcache :- Blog Link Click me
Amcache.hve :- Tool Link Click me
-----------------------------------------------------------
Jump List Files :- Blog Link Click Me
JLECmd.exe :- Tool Link Click Me
-----------------------------------------------------------
Recycle Bin :- Blog Link Click Me
Forensic :- Tool Link Click Me
-----------------------------------------------------------
Artifacts Program execution P1 :- Click Me
Artifacts Program execution P2 :- Click Me
-----------------------------------------------------------
Artifacts Deleted file Knowledge P1:
Artifacts Deleted file Knowledge P2:
-----------------------------------------------------------
Artifacts for Account Usage : Click Me
-----------------------------------------------------------
Artifacts for Physical Location : Click Me
-----------------------------------------------------------
Timeline Analysis and Creation
Timeline analysis in digital forensics is the process of examining chronological data to reconstruct events that occurred on a computer or digital device.
----------------------------------------------------------------------------------------
Timeline Analysis in Digital Forensics : Click me
NTFS Timestamps (Timeline Analysis) : Click Me
NTFS Timestamps: With Example : Click Me
Importance of Timestamps in Timeline Analysis during Forensic Investigations : Click Me
A Deep Dive into Plaso/Log2Timeline Forensic Tools : Click Me
Analysis of a Timeline Created Using Plaso (Log2Timeline) : Click Me
----------------------------------------------------------------------------------------
Understanding NTFS
NTFS, short for New Technology File System, stands as a cornerstone of modern file management on Windows operating systems.
---------------------------------------------------------------------------------------
NTFS: Versatility of NTFS: A Comprehensive Overview : Click Me
NTFS: Understanding Metadata Structures ($MFT) and Types of System Files : Click Me
NTFS: Understanding Metadata Entries : Click Me
NTFS: Metadata with The Sleuth Kit (istat) : Click Me
Anti-Forensics: Timestomping : Click Me
---------------------------------------------------------------------------------------
Understanding the Registry and Registry Forensics
The Windows registry is a crucial database storing system, software, hardware, and user configuration data.
----------------------------------------------------------------------------------------
Understanding the Registry : Click Me
Understanding Registry Hive Transaction Logs : Click Me
Understanding Important Registry Keys : Click Me
Part 1- Registries related to System configuration : Click Me
Part 2- Registries related to System configuration : Click Me
Part 3- Registries related to System configuration : Click Me
Part 4- Registries related to System configuration : Click Me
Part 1: Registry : Insights into User Activity : Click Me
Part 2: Registry : Insights into User Activity : Click Me
Program Execution : UserAssist Registry Key || Shimcache/Amcache ||BAM/DAM : Click Me
----------------------------------------------------------------------------------------
NTFS Journaling in Digital Forensics (Different Artifacts like $I30, $MFT, $LogFile, $UsnJrnl)
NTFS, the file system used by Windows operating systems, offers powerful journaling features that provide critical functionality to both the operating system and digital forensic investigations.
---------------------------------------------------------------------------------------
NTFS Journaling in Forensics $LogFile, $UsnJrnl : Click Me
$LogFile, $UsnJrnl :- Parsing of $J || $LogFile using MFTECmd.exe : Click Me
$LogFile, $UsnJrnl :- Analyzing of $J || $LogFile using Timeline Explorer : Click Me
NTFS Common Activity Patterns in the Journals $LogFile,$UsnJrnl : Click Me
Collecting, Parsing, Analyzing the $MFT : Click Me
Understanding, Collecting, Parsing the $I30 : Click Me
Overview of NTFS File System: Click Me
---------------------------------------------------------------------------------------
Important Concepts
----------------------------------------------------------------------------------------
Extracting and Examining VSS Copies for Forensics : Click Me
Techniques for Data Recovery and Analysis : Click Me
File Origins: The Role of Alternate Data Streams (ADS)/(Zone.Identifier) in Forensic Investigations : Click Me
Solid-State Drives (SSDs): Acquisition, Analysis, and Best Practices : Click Me
----------------------------------------------------------------------------------------
Email Analysis/Forensics In Depth
Email forensics is indeed a powerful tool in the realm of digital investigations.
---------------------------------------------------------------------------------------
Understanding Email Forensics : Click Me
Analyzing Email Structures and Forensic Challenges : Click Me
Understanding Email Headers in Digital Forensics : Click Me
Deep Dive into Additional Email Header Fields : Click Me
Detailed explanation of SPF, DKIM, DMARC : Click Me
Understanding Host-Based Email in Digital Forensics : Click Me
Exploring PST and OST File Viewers : Click Me
Outlook Attachment Recovery : Click Me
Email Clients, Corrupted Email Archives : Click Me
Demystifying Email Encryption and Forensic Analysis : Click Me
Email Storage: Server vs. Workstation : Click Me
"Recoverable Items" Folder in Microsoft Exchange : Click Me
Email Evidence from Network-Based Servers : Click Me
Email Data Extraction from Exchange Servers : Click Me
Compliance Search in Microsoft Exchange : Click Me
Power of Content Search in Office 365 : Click Me
Complexities of Webmail Forensics : Click Me
Mobile Email and SMS/MMS Forensics : Click Me
---------------------------------------------------------------------------------------