Find Evil in 5 Easy Steps – Part 2

In Part 1 we talked about Loki, Logparser and DeepBlueCLI for analyzing offline forensic artifacts in an effort to get the low-hanging fruit left behind by most threat actors. Part 2 will focus on KAPE and Windows Registry analysis.

4. Parse all the things with KAPE!

KAPE is a free tool which helps DFIR …
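The excerpt above is cut off before it shows how KAPE is actually driven. The following PowerShell wrapper is an added example, not code from the post or from the KAPE project: it runs KAPE's two phases against a mounted evidence drive, collection (the `!SANS_Triage` compound target, which includes the registry hives) followed by parsing (the `!EZParser` compound module, which runs Eric Zimmerman's parsers such as RECmd over the collected files). The install path, evidence drive letter and case directory are assumptions for illustration.

```powershell
# Added example (not from the original post or the KAPE project).
# Runs a KAPE triage collection and then parses the result with the EZ tools.
# All paths below are assumptions; adjust them for your case.
param(
    [string]$KapePath = 'C:\Tools\KAPE\kape.exe',   # assumed KAPE install location
    [string]$Source   = 'E:',                        # assumed mounted evidence drive
    [string]$CaseRoot = 'C:\Cases\CASE001\kape',     # assumed case output root
    [string]$Target   = '!SANS_Triage',              # KAPE compound target (registry hives, event logs, $MFT, etc.)
    [string]$Module   = '!EZParser'                  # KAPE compound module (RECmd, EvtxECmd, MFTECmd, ...)
)

# Fail early on the two things that silently produce empty output otherwise.
if (-not (Test-Path $KapePath)) { throw "kape.exe not found at $KapePath" }
if (-not (Test-Path $Source))   { throw "Evidence source $Source is not mounted" }

$tdest = Join-Path $CaseRoot 'tout'   # raw collected files
$mdest = Join-Path $CaseRoot 'mout'   # parser output (CSV)
New-Item -ItemType Directory -Force -Path $tdest, $mdest | Out-Null

# Phase 1 (targets): copy the artifact files from $Source into $tdest.
# Phase 2 (modules): point the parsers at $tdest and write CSVs to $mdest.
# --tflush / --mflush empty the output folders first so reruns do not mix evidence.
& $KapePath `
    --tsource $Source  --tdest $tdest --tflush --target $Target `
    --msource $tdest   --mdest $mdest --mflush --module $Module

if ($LASTEXITCODE -ne 0) { throw "KAPE exited with code $LASTEXITCODE" }

# Sanity check: the module phase should have produced CSVs. If it did not, the
# most common cause is that the EZ tools binaries are missing from KAPE's Modules\bin.
$csvs = Get-ChildItem -Path $mdest -Recurse -Filter '*.csv'
if ($csvs.Count -eq 0) { throw "No parser output under $mdest; check Modules\bin for the EZ tools" }

Write-Host ("Collected to {0}; {1} CSV file(s) written to {2}" -f $tdest, $csvs.Count, $mdest)
$csvs | Select-Object FullName, Length | Format-Table -AutoSize
```

Run it from an elevated PowerShell session, since KAPE needs raw access to locked files such as the registry hives. The `!EZParser` module only works if the Zimmerman tools have been placed in KAPE's `Modules\bin` folder beforehand; the CSVs it writes are what the registry analysis in the rest of the post is performed on.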

Using Mac OSXCollector with Splunk

I admit, the first time I had the opportunity to switch my work PC to a Mac, I jumped at it. However, I quickly regretted it. I was in a management job that was largely a race against the clock to handle emails, create PowerPoints and massage spreadsheets. The learning curve wasn't fitting into my …