Explorer's | Learn IR/Cyber Sec

Oct 18, 20245 min read

Streamlining Cloud Log Analysis with Free Tools: Microsoft-Extractor-Suite and Microsoft-Analyzer-Suite

When it comes to investigating cloud environments, having the right tools can save a lot of time and effort. Today, I’ll introduce two...

70 views0 comments

Oct 17, 20244 min read

Streamlining Office/Microsoft 365 Log Acquisition: Tools, Scripts, and Best Practices

When conducting investigations, having access to Unified Audit Logs (UALs) from Microsoft 365 (M365) environments is crucial. These logs...

53 views0 comments

Oct 16, 20243 min read

M365 Logging: A Guide for Incident Responders

When it comes to Software as a Service (SaaS), defenders heavily rely on the logs and information provided by the vendor . For Microsoft...

49 views0 comments

Oct 15, 20244 min read

Microsoft Cloud Services: Focus on Microsoft 365 and Azure

Cloud Providers in Focus: Microsoft and Amazon In today’s cloud market, Microsoft and Amazon are the two biggest players, with each...

38 views0 comments

Oct 14, 20245 min read

Forensic Challenges of Cloud-Based Investigations in Large Organizations

Introduction: Cloud-Based Infrastructure and Its Forensic Challenges Large-scale investigations have a wide array of challenges. One...

43 views0 comments

Oct 10, 20245 min read

macOS Incident Response: Tactics, Log Analysis, and Forensic Tools

macOS logging is built on a foundation similar to traditional Linux/Unix systems, thanks to its BSD ancestry . While macOS generates a...

82 views0 comments

Oct 9, 20244 min read

Investigating macOS Persistence :macOS stores extensive configuration data in: Key Artifacts, Launch Daemons, and Forensic Strategies"

Let’s explore the common file system artifacts investigators need to check during incident response (IR). -------------------------------...

35 views0 comments

Oct 8, 20243 min read

Evidence Profiling : Key Device Information, User Accounts, and Network Settings on macOS

When investigating a macOS system, understanding its device information , user accounts , and network settings is critical....

36 views0 comments

Oct 7, 20246 min read

APFS Disk Acquisition: From Live Data Capture to Seamless Image Mounting

Understanding .plist Files (Property List Files) .plist files in macOS are like the registry in Windows. They store important...

51 views0 comments

Oct 6, 20244 min read

History of macOS and macOS File Structure

Early Apple Days Apple was established on April 1, 1976, and quickly made its mark with the Lisa in the early 1980s , the first public...

44 views0 comments

Oct 5, 20244 min read

Lateral Movement: User Access Logging (UAL) Artifact

Lateral movement is a crucial part of many cyberattacks, where attackers move from one system to another within a network, aiming to...

47 views0 comments

Oct 4, 20242 min read

Evidence of Execution: Program Compatibility Assistant (PCA)

Introduction The Program Compatibility Assistant (PCA) is a feature introduced in Windows 11 designed to help detect and fix...

66 views0 comments

Oct 3, 20242 min read

Identifying Legitimate vs. Suspicious Processes on Windows

When using Process Explorer on a Windows system, understanding the behavior and characteristics of legitimate processes helps identify...

35 views0 comments

Oct 2, 20242 min read

Understanding Endianness and Its Importance in Forensic Analysis

Endianness refers to the order in which bytes are arranged within larger data types, such as integers or floating-point numbers, when...

27 views0 comments

Oct 1, 20243 min read

Enhancing Linux Defenses: Key Areas for Cybersecurity Success

Securing Linux environments is a crucial task for defenders in the face of increasing cyber threats. Three primary strategies that can...

38 views0 comments

Sep 28, 20247 min read

Data Collection (Key Directories) in Digital Forensics for Linux

In digital forensics, it’s essential to follow the order of volatility to gather data effectively. The accepted standard, outlined in...

72 views0 comments

Sep 27, 20248 min read

Incident Response Log Strategy for Linux: An Essential Guide

In the field of incident response (IR), logs play a critical role in uncovering how attackers infiltrated a system, what actions they...

58 views0 comments

Sep 26, 20245 min read

Understanding Linux Timestamps and Key Directories in Forensic Investigations

When it comes to forensic investigations, Windows is often the primary focus. However, with the rise of Linux in server environments,...

56 views0 comments

Sep 25, 20245 min read

Understanding Linux Filesystems in DFIR: Challenges and Solutions

When it comes to Linux, one of the things that sets it apart from other operating systems is the sheer variety of available filesystems....

59 views0 comments

Sep 24, 20248 min read

Exploring Linux Attack Vectors: How Cybercriminals Compromise Linux Servers

------------------------------------------------------------------------------------------------------------ Attacking Linux: Initial...

40 views0 comments