Blog

Jump Lists Forensics 2025

January 14, 2025

Start Reading

Information Artifacts: Simplify DFIR Analysis

January 7, 2025

Start Reading

3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations

December 18, 2024

Start Reading

3.12 Adds Data Exfiltration Detection, USB Devices, and Easier Validation

October 1, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – Smbexec

September 20, 2024

Start Reading

DFIR Next Steps: What To Do After You Find A Suspicious Use Of Remote Monitoring & Management Tools

September 9, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – atexec

August 29, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of curl.exe

August 19, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe

August 7, 2024

Start Reading

DFIR Breakdown: Using Certutil To Download Attack Tools

July 24, 2024

Start Reading

Access More! BitLocker, new File Explorer, and Export All Files (3.11 release)

June 24, 2024

Start Reading

Limitations of ImpHash for DFIR

June 20, 2024

Start Reading