Intro What is Autopsy? Autopsy is an open-source and powerful digital forensics platform. Several features within Autopsy have been developed by the Department of Homeland Security Science and Tec...
Revisiting Windows Forensics In the Windows Forensics 1 and Windows Forensics 2 rooms, we learned about the different artifacts which store information about a user’s activity on a system. We also...
Introduction We learned about Windows Forensics in the previous room and practiced extracting forensic artifacts from the Windows Registry. We learned about gathering: - System information - Use...
Introduction to Computer Forensics for Windows: Computer forensics is an essential field of cyber security that involves gathering evidence of activities performed on computers. It is a pa...
MISP - MALWARE INFORMATION SHARING PLATFORM This room explores the MISP Malware & Threat Sharing Platform through its core objective to foster sharing of structured threat information amon...
Scenario You work as a Tier 1 Security Analyst L1 for a Managed Security Service Provider (MSSP). Again, you’re tasked with monitoring network alerts. An alert triggered: - **Misc activity**, ...
Scenario You work as a Tier 1 Security Analyst L1 for a Managed Security Service Provider (MSSP). Today you’re tasked with monitoring network alerts. A few minutes into your shift, you get your f...
Date: 03/13/2024 — Eric Fischer from the Purchasing Department at Bartell Ltd has received an email from a known contact with a Word document attachment. Upon opening the document, he acciden...
Queries and History count() by _path | sort -r Checking smb or dce_rpc path: _path matches smb* OR _path=="dce_rpc" | sort -r _path Output: Unique Network Connections and Transferred Dat...
Scenario Three machines in the Finance department at Pfeffer PLC were compromised. We suspect the initial source of the compromise happened through a phishing attempt and by an infected USB drive....