Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
Event Log Forensics with Log Parser
As a continuation of the “Introduction to Windows Forensics” series, this video introduces Log Parser. This powe…
Windows RDP-Related Event Logs: Identification, Tracking, and Investigation
Jonathon Poling has published a very useful post about forensicating RDP-related event logs. You will learn a lot about the …
What Event Logs? Part 1: Attacker Tricks to Remove Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
Investigate malicious logon with LogonTracer
LogonTracer helps digital forensics analysts to investigate malicious logon by visualizing and analyzing Windows active dire…
Carving EVTX
Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the …
Detecting Lateral Movement through Tracking Event Logs
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral m…
Leveraging Windows Event Logs in Examinations
Black Bag Training Team continues Windows Forensic Essentials Blog Series with a post about forensic examination of&nbs…
