Glossary/Roadmap

Welcome

  • Introduction

  • Glossary

  • Introduction to Incident Response

  • Six Step Incident Response Process

  • Inclusion vs Exclusion Analysis

  • Introduction to a SOC Analyst

  • MITRE ATT&CK Framework

  • Pivoting

  • Report Writing

    • Analysis Examples

  • Resources

Windows DFIR

  • Windows Quick Tips

    • Windows Command Line

    • Windows Locations - Workstations

    • Windows Locations - Servers

  • Application Execution

    • Prefetch

    • Windows Event Log

  • File and Folder Opening

  • Deleted Items and File Existence

  • Browser Activity

  • System Information

  • Cloud Storage

  • Network Activity and Physical Location

  • Account Usage

  • External Device/USB Usage

  • Shadow Copies

  • WMI Event Consumers

  • Windows Services

  • Cached Credentials

  • Named Pipes

  • Scheduled Tasks

  • Windows Registry

  • Auto Start Entry Points

  • MITRE ATT&CK

Linux DFIR