Forensic Challenges of Cloud-Based Investigations in Large Organizations
Introduction: Cloud-Based Infrastructure and Its Forensic Challenges Large-scale investigations have a wide array of challenges. One...
top of page
-
Oct 105 min read
macOS Incident Response: Tactics, Log Analysis, and Forensic Tools
macOS logging is built on a foundation similar to traditional Linux/Unix systems, thanks to its BSD ancestry . While macOS generates a...
39 views0 comments
-
Oct 94 min read
Investigating macOS Persistence :macOS stores extensive configuration data in: Key Artifacts, Launch Daemons, and Forensic Strategies"
Let’s explore the common file system artifacts investigators need to check during incident response (IR). -------------------------------...
29 views0 comments
-
Oct 83 min read
Evidence Profiling : Key Device Information, User Accounts, and Network Settings on macOS
When investigating a macOS system, understanding its device information , user accounts , and network settings is critical....
30 views0 comments
-
Oct 76 min read
APFS Disk Acquisition: From Live Data Capture to Seamless Image Mounting
Understanding .plist Files (Property List Files) .plist files in macOS are like the registry in Windows. They store important...
44 views0 comments
-
Oct 64 min read
History of macOS and macOS File Structure
Early Apple Days Apple was established on April 1, 1976, and quickly made its mark with the Lisa in the early 1980s , the first public...
36 views0 comments
-
Oct 54 min read
Lateral Movement: User Access Logging (UAL) Artifact
Lateral movement is a crucial part of many cyberattacks, where attackers move from one system to another within a network, aiming to...
32 views0 comments
-
Oct 42 min read
Evidence of Execution: Program Compatibility Assistant (PCA)
Introduction The Program Compatibility Assistant (PCA) is a feature introduced in Windows 11 designed to help detect and fix...
48 views0 comments
-
Oct 32 min read
Identifying Legitimate vs. Suspicious Processes on Windows
When using Process Explorer on a Windows system, understanding the behavior and characteristics of legitimate processes helps identify...
25 views0 comments
-
Oct 22 min read
Understanding Endianness and Its Importance in Forensic Analysis
Endianness refers to the order in which bytes are arranged within larger data types, such as integers or floating-point numbers, when...
24 views0 comments
-
Oct 13 min read
Enhancing Linux Defenses: Key Areas for Cybersecurity Success
Securing Linux environments is a crucial task for defenders in the face of increasing cyber threats. Three primary strategies that can...
34 views0 comments
-
Sep 287 min read
Data Collection (Key Directories) in Digital Forensics for Linux
In digital forensics, it’s essential to follow the order of volatility to gather data effectively. The accepted standard, outlined in...
66 views0 comments
-
Sep 278 min read
Incident Response Log Strategy for Linux: An Essential Guide
In the field of incident response (IR), logs play a critical role in uncovering how attackers infiltrated a system, what actions they...
45 views0 comments
-
Sep 265 min read
Understanding Linux Timestamps and Key Directories in Forensic Investigations
When it comes to forensic investigations, Windows is often the primary focus. However, with the rise of Linux in server environments,...
51 views0 comments
-
Sep 255 min read
Understanding Linux Filesystems in DFIR: Challenges and Solutions
When it comes to Linux, one of the things that sets it apart from other operating systems is the sheer variety of available filesystems....
49 views0 comments
-
Sep 248 min read
Exploring Linux Attack Vectors: How Cybercriminals Compromise Linux Servers
------------------------------------------------------------------------------------------------------------ Attacking Linux: Initial...
34 views0 comments
-
Sep 234 min read
Incident Response for Linux: Challenges and Strategies
Linux, often referred to as "just the kernel," forms the foundation for a wide range of operating systems that power much of today’s...
32 views0 comments
-
Sep 209 min read
Navigating Velociraptor: A Step-by-Step Guide
Velociraptor is an incredibly powerful tool for endpoint visibility and digital forensics. In this guide, we’ll dive deep into the...
107 views0 comments
-
Sep 205 min read
Setting Up Velociraptor for Forensic Analysis in a Home Lab
Velociraptor is a powerful tool for incident response and digital forensics, capable of collecting and analyzing data from multiple...
115 views0 comments
-
Sep 204 min read
Exploring Velociraptor: A Versatile Tool for Incident Response and Digital Forensics
In the world of cybersecurity and incident response, having a versatile, powerful tool can make all the difference. Velociraptor is one...
92 views0 comments
bottom of page