WordCraft: Your Guide to Document Mastery
The Evolution and Impact of Ransomware
Learn how ransomware operators communicate, share data, and execute attacks. This series covers lateral movement, privilege escalation, and post-attack recovery, providing tools and strategies for comprehensive analysis and defense.
Duration
26 Pages
KAPE Unleashed: Harnessing Power in Incident Response
This series offers a comprehensive exploration of KAPE’s capabilities, practical use cases in incident response, and its role in uncovering critical artifacts. Whether you're a seasoned professional or new to digital forensics, learn how to leverage KAPE for effective data collection and analysis.
Duration
3 Pages
Windows Forensic Artifacts: Unveiling Key Evidence
Explore critical Windows forensic artifacts such as Prefetch, Shellbags, Lnk files, and more. This series covers tools and techniques for analyzing file activity, program execution, USB usage, and autostart locations.
Duration
28 Pages
Mastering Windows Registry Forensics
Explore the intricacies of the Windows Registry, including key hives, transaction logs, and system configurations. This series uncovers valuable insights into user activity, program execution, and critical registry artifacts for comprehensive forensic investigations.
Duration
10 Pages
Mastering Memory Forensics: In-Depth Analysis with Volatility and Advanced Tools
This course provides a hands-on journey into memory forensics, covering essential tools like Volatility, MemProcFS, and advanced analysis techniques with Strings and Bstrings. Learn to set up, analyze, and uncover threats from memory data in Windows and WSL environments, ideal for anyone aiming to strengthen their threat detection skills.
Duration
4 Pages
Insights into File Systems and Anti-Forensics
Delve into the versatile world of NTFS with an in-depth exploration of metadata structures, system files, and the nuances of metadata entries. This series also tackles anti-forensics techniques like timestomping, equipping you with the knowledge to navigate and counteract forensic challenges.
Duration
5 Pages
NTFS Journaling (Different Artifacts like $I30, $MFT, $LogFile, $UsnJrnl)
This series delves into parsing and analyzing these NTFS components using tools like MFTECmd.exe and Timeline Explorer, while also exploring common activity patterns and the intricacies of the $MFT and $I30. Enhance your forensic skills and understanding of NTFS file systems with these essential insights.
Duration
7 Pages
Decoding Timeline Analysis in Digital Forensics
Learn how to leverage NTFS timestamps and advanced tools like Plaso/Log2Timeline for accurate forensic investigations. This series covers step-by-step examples, tool usage, and the critical role of timestamps in building a comprehensive forensic timeline.
Duration
7 Pages
USB Forensics
Unlock the secrets of USB device investigations with insights into USBSTOR keys, volume GUIDs, and event logging. This series guides you through identifying USB artifacts, tracking device activity, and leveraging quick analysis tools.
Duration
10 Pages
Email Forensics
Delve into the world of email forensics with a focus on analyzing email headers, encryption, PST/OST files, and more. This series covers essential techniques for email data extraction, recovery, and forensic challenges across platforms.
Duration
18 Pages
Linux IR and Forensics
This course dives into the fundamentals of Linux Incident Response and Digital Forensics, covering critical topics like attack vectors, key directories, log analysis, and defense strategies.
Duration
7 Pages
macOS Forensics: Structure, Persistence, and Investigation
Master the fundamentals of macOS forensics, including live data capture, image mounting, persistence analysis, and key device information profiling for incident response.
Duration
5 Pages
Cloud-Based Investigations (MS365 and Azure)
This series focuses on Microsoft Cloud Services, including MS365 and Azure, providing essential insights into logging, incident response, and data exfiltration. Equip yourself with practical tools and strategies for log acquisition and analysis, ensuring you can effectively navigate the challenges of cloud forensics and enhance your investigative capabilities.
Duration
7 Pages
Comprehensive Incident Response and Forensics in Azure
This course provides a deep dive into the essential Azure services and tools necessary for effective incident response and forensics in the cloud. Learn about Azure Resource Groups, Role-Based Access Control (RBAC), VM types, network security, log sources, and techniques for acquiring and analyzing virtual machine disk images.
Duration
7 Pages
AWS Forensics: Strategies for Effective Incident Response
This series covers essential topics such as account management, secure access, and the AWS Instance Metadata Service (IMDS). Gain insights into optimizing incident response using tools like CloudWatch, GuardDuty, and automated forensics techniques.
Duration
5 Pages
Incident Response Framework: A Comprehensive Guide
This course offers an overview of the IR process, covering all phases from preparation to post-incident evaluation, and provides essential tools such as checklists and strategies for effective containment and eradication. Explore advanced concepts like leveraging enterprise-wide logs for detection and the distinctions between containment and remediation in modern IR practices.
Duration
12 Pages
Understanding Lateral Movement in Cybersecurity
This course delves into the mechanics of lateral movement in cyber attacks, exploring key protocols, tools, and effective detection methods to enhance your organization's security posture against such threats.
Duration
2 Pages
WMI: Detection, Defense, and Hunting
This course covers WMI capabilities, stealthy persistence techniques, detection of WMI-based attacks, and effective hunting strategies to combat malicious activity, including an exploration of event consumers and MOF files.
Duration
6 Pages
SRUM: Unveiling Insights for Digital Investigations
This series provides a deep dive into SRUM’s capabilities, showcasing how to extract valuable insights from resource usage data. Learn to unpack SRUM’s potential, utilize ESEDatabaseView for effective examination, and streamline your analysis with innovative strategies to enhance your investigative prowess.
Duration
5 Pages
Pass the Hash and Golden Ticket Attacks
This course delves into the evolving tactics of malicious actors, focusing on Pass the Hash and Golden Ticket attacks. It covers the mechanisms behind these techniques, their associated threats, and effective mitigation strategies, emphasizing the importance of robust defenses against such sophisticated breaches.
Duration
4 Pages
Forensic/Investigation Related Useful Blogs
These resources cover extracting and examining Volume Shadow Copies for vital information, techniques for data recovery and analysis, and the role of Alternate Data Streams (ADS) in determining file origins. They also address SSD acquisition and analysis, important steps to take before memory acquisition on encrypted systems, and how to detect unauthorized replication and Mimikatz DCSync.
Duration
8 Pages
Security Related Useful Blogs
Discover a selection of informative blogs that focus on essential security practices.
Duration
4 Pages
Security Intelligence Cycle: Safeguarding Digital Fortresses
This resource explores the Security Intelligence Cycle, highlighting its crucial role in protecting digital infrastructures. It offers insights gained during the pursuit of the CYSA (Cybersecurity Analyst) certification, emphasizing how effective intelligence practices can enhance organizational security and resilience against cyber threats.
Duration
1 Page
Credential Theft Methods and Defense Strategies
This course focuses on the critical issue of credential theft, examining credential material targeted by attackers such as hashes, LSA secrets, tokens, and tickets. It emphasizes effective defense strategies to mitigate these risks and enhance security, including insights into how Windows and UNIX/Linux hashes are obtained and an understanding of the evolution of password security.
Duration
9 Pages
Exploring Different Persistence Mechanisms
This course delves into the various techniques that enable threat actors to maintain unauthorized access, execute malicious activities, and evade detection over extended periods.
Duration
4 Pages