Digital Forensics & Incident Response

CtrlK

Welcome
General Notes
Microsoft Defender KQL
- Introduction to KQL
Windows Forensics
- PsExec
- Security Patch/KB Install Date
Linux Forensics
- Inspecting RPM/DEB packages
- Common Locations
ESXi Forensics
Memory Forensics
- Volatility
- Acquisition
Incident Response
iOS Forensics
- Checkm8 / checkra1n acquisitions/extractions
CTF / Challenges
Log Files
- Windows
Malware Analysis
- Identifying UPX packed ELF, decompressing, fixing, and analysing Linux malware
- PDF Analysis
Walking the VAD tree
OpenCTI
Vulnerability Management
- Setting Up Nessus (Essentials)
- Troubleshooting
Privacy

Powered by GitBook

On this page

Memory Forensics

Acquisition

ESXi / VMware Workstation snapshots DumpIt WinPMem Linux / AVML

Previous3rd Party Plugins NextESXi / VMware Workstation snapshots