Evidence of...

Welcome to the Evidence of... category! Here, I provide guidance on how to extract and find forensic evidence from compromised systems. Whether you're a forensic investigator looking to gather and analyze evidence of cybercrimes, or simply interested in learning more about this important discipline, you'll find valuable insights and practical tips in these articles.

My goal is to help you understand the techniques and tools used by forensic investigators to identify, extract, and preserve evidence from compromised systems, and to provide guidance on how to use this evidence to understand and respond to cyber threats. The main resource that I've referenced is the SANS Evidence Of... Poster, which can be found in the Resources section below. I will cover a wide range of topics, including the extraction of forensic evidence from various types of devices, the use of forensic tools and techniques, and the analysis and presentation of forensic findings across the major operating systems: Windows, Linux, and macOS.

Account Usage
File Download
Program Execution

Resources
