KAPE: Few Use Cases for Incident Responders
After numerous requests, I've compiled a comprehensive list of practical use cases for KAPE (Kroll Artifact Parser and Extractor). This...
top of page
-
Jun 192 min read
Understanding and Managing Thumbnail Cache in Windows: Tools thumbcache_viewer_64
Introduction Thumbnail cache in Windows is an essential feature that helps speed up the display of folders by storing thumbnail images....
53 views0 comments
-
Jun 172 min read
Streamlining USB Device Identification with a Single Script
Identifying and analyzing USB device details can be a tedious and time-consuming task. It often requires combing through various system...
42 views0 comments
-
Jun 172 min read
USB MSC Device Forensics: A Quick Guide for Windows
Hey there, tech detectives! If you're digging into USB devices on Windows 7 to 10, here's a handy guide to help you gather all the...
36 views0 comments
-
Jun 162 min read
Optional: If EMDMgmt Key Present (Finding Your USB's Volume Serial Number)
So, you've found those Windows logs and you're curious about what else you can track? Let's talk about the Volume Serial Number, a nifty...
29 views0 comments
-
Jun 152 min read
Event Logging for Removable Device Activity
1. The "I Just Plugged In a USB" Log (Event ID 20001) (System Logs) When you plug in a USB or any device, Windows often tries to install...
34 views0 comments
-
Jun 142 min read
Drive Letter Identification and Volume GUID and User Mapping
Overview: The process of tracking USB devices and identifying their last known drive letters involves extracting and interpreting...
21 views0 comments
-
Jun 121 min read
Tracking USB Key Temporal Data on Windows Systems
When it comes to USB key forensics, understanding the timeline of device connections and disconnections can be crucial. Let's dive into...
29 views0 comments
-
Jun 102 min read
USB Key analysis: Volume Names, GUID
Windows 7-10: and Volume Name In newer Windows versions (Win7-Win10), there's a nifty key that logs the Volume Name and GUID for each...
25 views0 comments
-
Jun 81 min read
Windows Common Artifacts Paths for Forensics
In the realm of digital forensics, collecting and analyzing artifacts from various system paths is crucial for uncovering valuable...
27 views0 comments
-
Jun 62 min read
USB Key Analysis: USBSTOR and USB
USBSTOR Registry Key Where to Find USB Key Info: Registry Key: SYSTEM\CurrentControlSet\Enum\USBSTOR Disk&Ven :- Referred as Device class...
29 views0 comments
-
Jun 42 min read
Streamlining Incident analysis: An All-in-One PowerShell Script
Incident response can be a daunting task, especially when it requires gathering a multitude of system details. To simplify this process,...
146 views0 comments
-
Jun 32 min read
USB Artifacts: What Gets Left Behind and Where to Find It
Hey again! So, you've plugged in a USB device and opened some files. Ever wonder what traces you leave behind? What's the Deal with MSC...
37 views0 comments
-
Jun 22 min read
USB Devices: What You Need to Know for Quick Investigations
Hey there! USB devices are everywhere these days, and they can hold a ton of info. Knowing the basics can really help if you're looking...
29 views0 comments
-
May 303 min read
Enterprise-Wide Incident Response: Leveraging Logs and Data for Effective Threat Detection
In the realm of cybersecurity, incident response (IR) is a critical function that helps organizations detect, mitigate, and recover from...
33 views0 comments
-
May 282 min read
Effective Incident Response: Containment and Eradication
In the realm of cybersecurity, responding to incidents promptly and effectively is crucial. This detailed guide covers best practices in...
29 views0 comments
-
May 262 min read
NirSoft Network Usage View (NUV): Streamlining SRUM Analysis
The landscape of digital forensics is ever-changing, with tools and techniques continually evolving to meet the demands of modern...
32 views0 comments
-
May 242 min read
Examining SRUM with ESEDatabaseView
You can download tool from link below: https://www.nirsoft.net/utils/ese_database_view.html Opening SRUM Database with NirSoft Using...
50 views0 comments
-
May 232 min read
Unpacking SRUM: The Digital Forensics Goldmine in Windows
Enter the System Resource Usage Monitor (SRUM) — a treasure trove for digital forensic analysts. The SRUM Database: A Wealth of Insights...
99 views0 comments
-
May 222 min read
SRUM: The Digital Detective in Windows
In today's digital age, the significance of digital evidence in criminal investigations cannot be overstated. As technology evolves, so...
59 views0 comments
bottom of page