Hacking and DFIR Lab [Part 2 – DFIR]

In the last part, we were able to gain SYSTEM access to the Domain Controller, giving us full access to the network. Let’s take a look at how the incident response process will go. The first step is detection. I installed a LogRhythm VM and spanned all network traffic from my pfSense VM to it. […]


DFIR Scenario #1 Lone Wolf

Introduction: This fictional digital investigation scenario examines the disk image and memory of a person’s laptop that was seized. The suspect in question is believed to be planning a mass shooting attack. Our role as the forensic investigator is to find evidence that either supports or disproves this allegation.

Acquisition: The forensic examiner present during […]
