Memory Forensics Notes
Note: any blog post with the word "Notes" in its title is designed as a quick-recall reference for the commands or steps needed in DFIR. Memory Acquisition Tools Memory acquisition is the first critical step in memor...
Evidence Collection Creating a full disk image (dd, dcfldd, dc3dd) dd if=&l...
Evidence of Execution Sysmon eventId: 4688 channel: system description: p...
What is Malware Analysis? Malware analysis is the study of the unique features, objectives, sources, and potential effects of harmful software and code, such as spyware, viruses, malvertising, and ...
What is JS? JavaScript is a client-side, object-oriented scripting language. Authors of JavaScript scripts use a variety of techniques to obfuscate the scripts. For example, they can use confusing s...
Whodunit Tool Whodunit is a tool that can be used to identify the most likely Advanced Persistent Threat (APT) group responsible for an attack. The tool ingests a cyber security report that cont...
Threat Intelligence Cyber threat intelligence results from disparate cyber threat data collected, processed, and analyzed to provide insights into cybercriminals’ motives, targets, and methodologi...
ffuf - Fuzz Faster U Fool ffuf is a tool used for fuzzing and brute-force attacks. Usage: ffuf [flags] Flags: -w Wordlist file path -u Target URL -H Custom...
Windows Core Process Download the SANS DFIR Overview From SANS system.exe The System process is responsible for most kernel-mode threads. Modules run under System are primarily drivers (.sys...
NFS First, the client will request to mount a directory from a remote host on a local directory just the same way it can mount a physical device. The mount service will then act to connect to the...