LinuxCheck is a small bash script for information collection, useful for emergency response on Debian and CentOS systems. Continue…
During a forensic investigation, Windows Event Logs are the primary source of evidence.
Windows Event Log analysis can help an investigator draw a timeline from the logged events and the discovered artifacts, but a deep knowledge of event IDs is mandatory.
The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response.
The tool, written in Python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.
During investigation in a security incident, event log analysis is a key element.
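Building the timeline that the two event-log posts above refer to comes down to pulling a known set of Security-log event IDs out of an exported log, flattening their EventData fields, and sorting by time. The following PowerShell is an added example written for this page; it is not code from the original posts. The case path `C:\Cases\host1\` and the output file name are assumptions, and which IDs are present depends on the host's audit policy (4688 process creation, for instance, only appears if process-creation auditing was enabled).

```powershell
# Added example, not from the original post: coarse timeline from an exported
# Security.evtx using well-known Windows Security event IDs.
# Assumption: the log was exported to C:\Cases\host1\Security.evtx (hypothetical).
$evtx = 'C:\Cases\host1\Security.evtx'

# Event IDs worth a first pass and what each one means on the timeline.
$ids = @{
    1102 = 'Audit log cleared'
    4624 = 'Logon success'
    4625 = 'Logon failure'
    4648 = 'Logon with explicit credentials'
    4672 = 'Special privileges assigned to new logon'
    4688 = 'Process creation'
    4720 = 'User account created'
    4728 = 'Member added to security-enabled global group'
}

# Filter on the file and on the ID list server-side rather than piping everything.
$events = Get-WinEvent -FilterHashtable @{ Path = $evtx; Id = [int[]]$ids.Keys } -ErrorAction Stop

$timeline = foreach ($e in $events) {
    # Flatten the <EventData><Data Name="..."> pairs into a hashtable.
    $x    = [xml]$e.ToXml()
    $data = @{}
    if ($x.Event.EventData) {
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    }
    [pscustomobject]@{
        TimeUtc   = $e.TimeCreated.ToUniversalTime().ToString('o')
        Id        = $e.Id
        Meaning   = $ids[$e.Id]
        Computer  = $e.MachineName
        Subject   = $data['SubjectUserName']
        Target    = $data['TargetUserName']
        LogonType = $data['LogonType']
        SourceIp  = $data['IpAddress']
        Process   = $data['NewProcessName']
        ParentPid = $data['ProcessId']
    }
}

# Sort by UTC timestamp, keep a CSV for the report, and show the first rows.
$sorted = $timeline | Sort-Object TimeUtc
$sorted | Export-Csv -Path 'C:\Cases\host1\timeline.csv' -NoTypeInformation
$sorted | Select-Object -First 20 | Format-Table -AutoSize
```

Timestamps are normalised to UTC before sorting so that events merged later from other hosts or from disk artifacts line up; `-ErrorAction Stop` makes Get-WinEvent fail loudly if the file is missing or contains none of the listed IDs, which is itself a finding (a cleared log shows up as a lone 1102).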
Every forensic analyst, over the course of their experience, perfects their own workflow for the acquisition of forensic images.
Today I want to propose my own workflow for the acquisition of physical disks on Microsoft Windows systems. Continue…