What Event Logs? Part 2: Lateral Movement without Event Logs
Many analysts rely on Windows Event Logs to help gain context of attacker activity on a system, with log entries serving as …
As a continuation of Richard Davis’ “Introduction to Windows Forensics” series, this video introduces Recy…
Invoke-LiveResponse is a module for Live Response and Forensic collections over WinRM written by Matthew Green. You can…
Yet another registry parser, or yarp, is a library and tools to deal with Windows registry files [1]. Despite the name, yarp…
Sergey Golovanov and Igor Soumenkov have prepared a New Year present for DFIR community: they have presented their scri…
page_brute.py is a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows…
CERTitude is a Python-based tool which aims at assessing the compromised perimeter during incident response assignments. It …
LogonTracer helps digital forensics analysts investigate malicious logons by visualizing and analyzing Windows active dire…
Mimikatz is a common tool used by APTs in modern cyber attacks to harvest admins’ and users’ login credentials. I…
The Windows registry is an essential source of evidence when performing a wide range of examinations. In a recent talk (Zero…