Recent Posts
Reports & Testimony related to Equifax & Marriott Data Breaches
I have added a few pages to archive documents related to large breaches from 2018. You can find links in…
Threat Hunting Using Newly Registered Domain Lists – Part 1
Author’s Note: This article was inspired by a blog posting over at the SANS Storm Center Infosec Forums. The article,…
Helpful Splunk Search for Office 365
This is going to be a quick post about using Splunk to look for anomalous activity in your O365 instance….
Falling as an Adult Sucks!
TLDR: Vermont Winter: 3 My Body: -3 This winter has been exceptionally bad for me and getting around. I have…
Passwords & Data Breaches
Some friends that turn to me for information security advise recently asked my thoughts on the recent announcement of the…
FTK Windows Server 2008 SYSTEM Filter
I recently found it necessary to quickly grab a large amount of SYSTEM registry files to determine the current control…
More FTK Filters
In my last post, I mentioned two useful FTK filters for quickly finding files of interest. Below are two more…
FTK Filters are Your Friend
I have been working on a forensic investigation of about 20 Windows Server 2008 R2 VMs using FTK 4.2. FTK…
Going Paperless: Where Paper Meets Bits and Bytes
A client consulted me about going to a paperless environment. His company utilizes several different forms and numerous other documents…
Logging User Activities within Linux with bash scripts
I am just starting to learn the power of bash scripting. So, this script below may not be the best…
