Tag Archives: basics

Pass-the-hash Mitigation – Tip of the Day

I have been recently researching Pass the Hash mitigation techniques and I have found that there are the usual comments about not logging on to workstations with Admin accounts, ensuring your local admin accounts don’t have the same password, ensuring …

Posted in Group Policy, Hardening, Incident Response, pass the hash, Pen Testing, Preparation, Research

Windows XP Restore Points

I know XP is going the way of the Dodo, which is why I wanted to write this post. As blogs and posts update and keep up with the latest versions of Windows I find it harder and harder to …

Posted in Introduction, Windows Forensics, Windows Registry Forensics, Windows XP

Link Files

Link (lnk) files are a valuable source of information in a forensic investigation and should not be casually overlooked. What are Link files? Link files are created by the system when a file is opened, even if that file is …

Posted in Link FIles, Windows Forensics

Incident Response Process Phase 3 – Containment

First Steps When moving into the containment phase an incident has already been declared. It is now time to categorise the incident and relay this to the customer/management. The categorisation or characterisation of the incident can be broken down into …

Posted in Containment, Incident Response

Incident Response Process

Today I am going to discuss the basics of an Incident Response process. I did not create this, I would love to give credit to those who did! There are other variations out there, however they all follow the basic …

Posted in Incident Response, Introduction

Chrome – Basics

Google Chrome, or just Chrome, is (at the time of writing) the most popular web browser by a fair amount. Twice as popular as Mozilla’s Firefox. Chrome stores its artefacts in SQLite, JSON (JavaScript Object Notation) and SNSS (Session Saver) …

Posted in Browser Forensics, Chrome, Google Chrome, Windows Forensics

Internet Explorer – Basics

As IE comes bundled with Windows as standard it is often the browser (of choice?) used by a lot of organisations. Larger organisations are also often slower to update IE, in my experience, as they have integrated business critical applications …

Posted in Browser Forensics, Internet Explorer, Windows Forensics