Digital Forensics & Incident Response

CtrlK

Welcome
General Notes
Microsoft Defender KQL
- Introduction to KQL
Windows Forensics
- PsExec
  - PsExec and NTUSER data
- Security Patch/KB Install Date
Linux Forensics
- Inspecting RPM/DEB packages
- Common Locations
ESXi Forensics
Memory Forensics
- Volatility
- Acquisition
Incident Response
iOS Forensics
- Checkm8 / checkra1n acquisitions/extractions
CTF / Challenges
Log Files
- Windows
  - Generating Log Timelines
Malware Analysis
- Identifying UPX packed ELF, decompressing, fixing, and analysing Linux malware
- PDF Analysis
Walking the VAD tree
OpenCTI
Vulnerability Management
- Setting Up Nessus (Essentials)
- Troubleshooting
Privacy

Powered by GitBook

On this page

Was this helpful?

Windows Forensics

PsExec

PsExec and NTUSER data

PreviousIntroduction to KQL NextPsExec and NTUSER data

Last updated 2 years ago

Was this helpful?