Windows Forensics Part 3: Tracking Program Execution with Prefetch
Learn how Prefetch reveals Windows program execution traces and how to analyze it with WinPrefetchView and PECmd for forensics.
Read the post
Learn how to use Amcache in Windows forensics to uncover executed and deleted tools, device traces, and key metadata. Discover the limits too.
Read the post
Detect and block brute force attacks on Windows Server with PowerShell scripts. Learn how to analyze logs, spot suspicious IPs, and automate blocking.
Read the post
Learn how ShimCache helps uncover Windows activity traces, spot suspicious files, and kick off a fast forensic analysis.
Read the post