The Little Handbook of Windows Forensics
Andrea Fortunan has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Robust Use of PsExec That Doesn’t Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin password hash. Check this blog post to l…
DEFT X Virtual Appliance is Available for Downloading
The latest version of the system dedicated to forensic analysis and incident management, DEFT X, is released and available f…
$SignaturesAreDead = “Long Live RESILIENT Signatures”
Signatures are dead, or so we’re told. It’s true that many items that are shared as Indicators of Compromise (file names/pat…
Spotting the Signs of Lateral Movement
Derek King has published another post as part of his “Hunting with Splunk: The Basics” series. This time he is d…
Magnet AXIOM Incident Response Examinations (AX310)
Magnet Forensics announced a new expert-level four-day training course. It is designed to give you the knowledge and skills …
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
Create, maintain, and manage a continual cybersecurity incident response program using the practical steps presented in this…
Memtriage v0.2-alpha Released
0.2-alpha version of memtriage has been released. This tool allows you to quickly query a Windows machine for RAM artifacts.…
Hands-On Network Forensics: Investigate network attacks and find evidences using common network forensic tools
A new book by Arthur Salmon has been announced by Packt Publishing. The book is titled “Hands-On Network Forensics: In…
SANS Hunt Evil Poster Updated
SANS has updated their Hunt Evil poster. It includes information about typical Windows processes, evidence of remote access …
