Techniques that can be used to discover evidence in support of incidents where removeable devices were involved. Windows USB Key Identification Track USB devices plugged into a machine. WIN: XP+...

Techniques that can be used to discover evidence in support of program execution post-breach or during an attack. Windows ActivitiesCache.db (Windows Timeline) Windows 10 introduced a background...

Techniques that can be used to discover evidence in support of program or file download by an attacker post-breach or during an attack. Windows OpenSaveMRU Tracks files that have been opened or s...

Overview Forensic evidence of account usage refers to the evidence that can be collected and analyzed to determine who used a particular account, when the account was accessed, and what actions we...

DFIR Overview Digital forensics is the process of examining and analyzing digital devices, such as computers, smartphones, and servers, in order to gather and preserve evidence that can be used in...

Overview SigCheck is a command line tool from the SysInternals Suite developed to scan PE files and verify if they’re signed. A majority of malware identified in the wild is not signed, however it...

Hack The Box (HTB) Labs Hack The Box is a cloud based Capture The Flag (CTF) platform that offers a variety of practical cybersecurity challenges, covering categories such as penetration testing, ...