During a forensic investigation, Windows Event Logs are the primary source of evidence. Windows Event Log analysis can help an investigator draw a timeline based on the logging information and the discovered artifacts, but a deep knowledge of event IDs is mandatory.
Recently I've worked on a cybersecurity incident that involved the use of Silver Tickets on Kerberos. I think a brief recap of this attack technique may be useful.
The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility
I just recently had to perform a forensic analysis on a compromised Microsoft Azure VM, and I'd like to share a couple of useful tips.
A good wiping tool has been available in all Windows systems since Windows 2000.