THE CYBER TRIAGE BLOG

Learn investigation tips from Brian Carrier and the Sleuth Kit Labs Team.

Cyber Triage 3.16: Investigate Faster with Cyber Triage Enterprise

January 15, 2026

Recent Posts

WMI Malware: The Complete Forensics Guide

February 20, 2025

How to Find WMI Consumers: Complete Guide for IT + Investigators

February 14, 2025

How to Investigate Malware WMI Event Consumers 2025

February 6, 2025

What Is a Jump List?

January 29, 2025

What Is Jump List Cache?

January 23, 2025

Jump Lists Forensics 2025

January 14, 2025

Information Artifacts

Information Artifacts: Simplify DFIR Analysis

January 7, 2025

3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations

December 18, 2024

3.12 Adds Data Exfiltration Detection, USB Devices, and Easier Validation

October 1, 2024

DFIR Breakdown: Impacket Remote Execution Activity – Smbexec

September 20, 2024

DFIR Next Steps: What to Do After You Find a Suspicious Use of Remote Monitoring and Management Tools

September 9, 2024

DFIR Breakdown: Impacket Remote Execution Activity – atexec

August 29, 2024