3.5 Release – Merging artifacts, viewing source files, and anomalous logons
Cyber Triage 3.5 is out and this blog covers a...
ResponderCon 2022 – Videos – Batch 1
We held our first ResponderCon event back on Sept 13...
Cyber Triage 3.4: Logons, Hatching, and BITS
Cyber Triage version 3.4 is out and this blog post...
Cyber Triage 3.4.0 Release Video
Welcome to the Cyber Triage 3.4.0 release video we're going to go through some of the new features we've got.
What is a “Most Recently Used” Artifact Video
Welcome to the first installment of the Cyber Triage Artifact Speedrun series! Today, we're discussing the office MRU Artifact and how it can be useful in your DFIR investigation.The office MRU Artifact keeps track of Windows Office files accessed by a user. It exists because Windows Office applications like Word, Excel or otherwise use this to keep a list of the most recent documents opened and display it to the user.How does it work? Entries are created when a document, such as my document dot Docx, is opened each time it's opened. The last open timestamp within the MRU artifact is updated. Therefore, the most recent files opened by a Microsoft Office application can be found in the office MRU Artifact.We hope you found this quick overview informative and helpful in your DFIR investigation. Stay tuned for more Artifact Speedruns!
Cyber Triage 3.3.0 Release Updates Video
New Release notes 3.3.0 is out and it's better than ever! With New “Data Accessed” data type, Importing Logical files, and PDF / Microsoft Office Document malware scanning.