Windows Forensics Cheat Sheets
Service overview and network port requirements - Windows Server
This article discusses the required network ports, protocols, and services that are used by Microsoft client and server operating systems, server-based programs, and their subcomponents in the Microsoft Windows Server system. Administrators and support professionals may use this article as a roadmap to determine which ports and protocols Microsoft operating systems and programs require for network connectivity in a segmented network.
Windows File System
What I wish someone had told me when I started learning about File System Forensics
If you're new to Digital Forensics a first question you might be asking is: why do I need to learn how file systems work as a digital forensics analyst? And how much do I need to know about it? Let's answer that question starting with a very simple definition of digital forensics.
Windows Event Logs
Finding Forensic Goodness In Obscure Windows Event Logs
If you've been doing digital forensics or threat hunting for some time, you'll know that one of the key sources of information is the Windows event logs. Most of the talks around Windows event logs only mention the "main" sources of logs such as "System" or "Application", even though Windows provides many more sources.
Windows Registry Forensics
Digging Up the Past: Windows Registry Forensics Revisited
FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network.
Windows Monitoring techniques
Red Team Tactics: Advanced process monitoring techniques in offensive operations | Outflank Blog
In this blog post we are going to explore the power of well-known process monitoring utilities and demonstrate how the technology behind these tools can be used by Red Teams within offensive operations. Having a good technical understanding of the systems we land on during an engagement is a key condition for deciding what is...
An artifact which stores metadata related to PE execution and program installation on Windows
Frequently overlooked and understudied, this database is rarely fully exploited when doing incident response. Indeed, its correct interpretation is complex: a lot of special cases can occur that have to be taken into account when performing an analysis.