One of the ways the blueteam can leverage AI and LLM’s is using them as a soundboard, mentor and breach coach. AI then fits in place like a senior team member that is always available that can respond to narrow…
When a DFIR investigation starts you never know how big it will be. Some cases might give you a hint (if law enforcement have let you know about a compromise, or if EDR alerts tell you about a compromise on…
Today is the day! I’m announcing the release of my guide: “Mastering Sysmon: Deploying, Configuring, and Fine-Tuning”, a free mini eBook designed specifically for digital forensics and incident response professionals. This guide provides a practical, step-by-step approach to: Deploying and…
If you’ve ever attempted to run log2timeline on your local machine, you might be familiar with the error messages which happen at the worst time (when you need to use the tool for an investigation!). Issues such as file permission…
After recently earning the SANS 608 GIAC Enterprise Incident Response (GEIR) certification, I didn’t want to get complacent. The real world and real incidents won’t stop. Although the SANS FOR608 course provided a structured lab, I wanted to get better…
Title: Post-SANS 608: Troubleshooting Log2timeline on Ubuntu After recently earning the SANS 608 GIAC Enterprise Incident Response (GEIR) certification, I didn’t want to get complacent. The real world and real incidents won’t stop. Although the SANS FOR608 course provided a…
After breaking my SANS Linux SIFT environment today while doing a Forensic CTF from pico CTF, (not their fault, it was mine by trying to upgrade sleuth kit) I decided to rebuild. I use the SIFT VM for a lot…
Host-based digital forensics is just one aspect of investigating cyber security incidents with a lens on the investigation and analysis of individual computers and devices. This is in contrast to Network forensics which is focused on network logs and packet…
Understanding Digital Forensics Digital forensics involves the recovery and investigation of material found in digital devices (Windows or Linux computers, smartphones and legacy mobile phones and now, even cars) often in relation to computer crime, cyber intrusions and insider threats.…
Forensicating RDP: Remote Desktop Protocol (RDP) is an integral part of Windows OS, allowing users to connect remotely to other systems. However, its exposure to the internet can (and often has) lead to unauthorised access if not properly secured, making…