Digital forensics and incident response: sound evidence acquisition, disk/memory/network analysis, timeline reconstruction, and chain of custody.
79 checks
Defensible collection of digital evidence: order of volatility, forensic imaging, memory capture, and chain of custody.
Recovering and interpreting on-disk evidence: file systems, OS artifacts, and carved data.
Analyze captured RAM for running processes, network state, injected code, and secrets.
Analyze captured traffic and logs to reconstruct activity and detect command-and-control and exfiltration.
Build super timelines, extract IOCs, detect anti-forensics, and produce admissible findings.