AnyDesk is a commonly abused, but legitimate RMM tool. Learn about the artifacts left behind and how to investigate AnyDesk abuse.

Investigate BITS jobs and identify the event logs and database associated with this!

Learn about the various artifacts created to help investigate lateral movement via RDP on both the source and target system

Identify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.

Learn what the SUM UAL database is and how it can help make or break DFIR analysis.

Learn how to take a triage image of a *nix based system using the UAC tool.

Learn how to respond and investigate a compromised Google Workspace user.

Learn some quick wins to minimize malicious script execution.

Learn the mystery of the Amcache artifact and how to use it in your DFIR cases

Learn what Shimcache is, how to analyze it, and why it's misunderstood.

Learn how to identify what programs were executed during an incident with the Prefetch artifact

Learn the basics of AWS investigations and the logs that exist.

Learn why visibility is everything when responding to an incident.

We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...