Digital Forensics
Digital forensics and incident response notes. Detection guidance, IOCs, and post-incident lessons.
4 articles

Strategy, Guide, Forensics
Logging and Telemetry: What to Keep and Why
Logging programs fail in two directions: too little to investigate anything, or too much to afford. The middle path is intentional.

Forensics, Threat Brief, SMB
The Anatomy of a Business Email Compromise
A typical BEC investigation we run unfolds in five acts. Recognizing them in progress is the difference between a near-miss and a six-figure loss.

Guide, SMB, Forensics
The SMB Incident Response Runbook We Actually Use
A one-page runbook covering the first 90 minutes, when clarity matters most.

Advisory, Forensics
CISA Reports BRICKSTORM Used For Long-Term Access
Tactics used to maintain long-term implants in U.S. systems, and detection guidance you can apply this week.