Unknown – Page 2 – WindowsTechs.com

Human Behavior In Digital Forensics

Posted on January 3, 2024 by Unknown

II’ve always been a fan of books or shows where someone follow clues and develops an overall picture to lead them to their end goal. I’ve always like the “hot on the trail” mysteries, particularly when the clues are assembled in a way to understand tha… Continue reading Human Behavior In Digital Forensics→

2023 Wrap-up

Posted on December 31, 2023 by Unknown

Another trip around the sun is in the books. Looking back over the year, I thought I’d tie a bow on some of the things I’d done, and share a bit about what to expect in the coming year.In August, I released RegRipper 4.0. Among the updates are some plu… Continue reading 2023 Wrap-up→

Round Up

Posted on December 18, 2023 by Unknown

MSSQL is still a thingTheDFIRReport recently posted an article regarding BlueSky ransomware being deployed following MSSQL being brute forced. I’m always interested in things like this because it’s possible that the author will provide clear observable… Continue reading Round Up→

…and the question is…

Posted on December 11, 2023 by Unknown

I received an interesting question via LinkedIn not long ago, but before we dive into the question and the response…If you’ve followed me for any amount of time, particularly recently, you’ll know that I’ve put some effort forth in correcting the ass… Continue reading …and the question is…→

Roll-up

Posted on November 28, 2023 by Unknown

One of the things I love about the industry is that it’s like fashion…given enough time, the style that came and went comes back around again. Much like the fashion industry, we see things time and again…just wait.A good example of this is the fing… Continue reading Roll-up→

Roll-up

Posted on November 10, 2023 by Unknown

I don’t like checklists in #DFIR. Rather, I don’t like how checklists are used in #DFIR. Too often, they’re used as a replacement for learning and knowledge, and looked at as, “…if I do just this, I’m good…”. Nothing could be further from the … Continue reading Roll-up→

Investigating Time Stomping

Posted on October 9, 2023 by Unknown

Some analysts may be familiar with the topic of time stomping, particularly as it applies to the NTFS file system, and is explained in great detail by Lina Lau in her blog. If you’re not familiar with the topic, give Lina’s article a very thorough read… Continue reading Investigating Time Stomping→

The State of Windows Digital Analysis, pt II

Posted on September 20, 2023 by Unknown

On the heels of my previous blog post on this topic, I read a report that, in a lot of ways, really highlighted some of the issues I mentioned in that earlier post. The recent IDC report from Binalyze is telling, as it highlights a number of issues. On… Continue reading The State of Windows Digital Analysis, pt II→

The State of Windows Digital Analysis

Posted on September 12, 2023 by Unknown

Something that I’ve seen and been concerned about for some time now is the state of digital analysis, particularly when it comes to Windows systems. From open reporting to corporate blog posts and webinars, it’s been pretty clear that there are gaps an… Continue reading The State of Windows Digital Analysis→

Book Review: Effective Threat Investigation for SOC Analysts

Posted on August 29, 2023 by Unknown

I recently had an opportunity to review the book, Effective Threat Investigation for SOC Analysts, by Mostafa Yahia. Before I start off with my review of this book, I wanted to share a little bit about my background and perspective. I started my g… Continue reading Book Review: Effective Threat Investigation for SOC Analysts→