Blog

How to Investigate Malware WMI Event Consumers 2025

February 6, 2025

Start Reading

What Is a Jump List?

January 29, 2025

Start Reading

What Is Jump List Cache?

January 23, 2025

Start Reading

Jump Lists Forensics 2025

January 14, 2025

Start Reading

Information Artifacts: Simplify DFIR Analysis

January 7, 2025

Start Reading

3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations

December 18, 2024

Start Reading

3.12 Adds Data Exfiltration Detection, USB Devices, and Easier Validation

October 1, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – smbexec

September 20, 2024

Start Reading

DFIR Next Steps: What to Do After You Find a Suspicious Use of Remote Monitoring and Management Tools

September 9, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – atexec

August 29, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of curl.exe

August 19, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe

August 7, 2024

Start Reading