🔎 Incident Investigation

🔎 Investigation Methodology

Basically, all of the artefacts listed in the Investigation section fall under the category "user activity" one way or another. Even if one process spawned another, somewhere further back in the chain a user interaction was still required. That is why I find it so hard to settle on a perfect categorization. I have decided to devote this section to common strategies for investigating user activity and to which artefacts to use at which point in time.
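The "every process chain leads back to a user action" idea is easiest to apply when you can walk a process tree from a suspicious child back to the interactive session that started it. The following is an added example (not code from this page or from any tool it references) that does exactly that over a small set of constructed Sysmon Event ID 1 / Security 4688 style records; the event values, the `USER_ENTRY_IMAGES` boundary set and the helper names are all assumptions made for the illustration.

```python
"""Walk process-creation records from a child back to the user's interactive entry point."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 / Security 4688 style)."""
    pid: int
    ppid: int
    image: str
    user: str
    utc_time: str


# Constructed sample telemetry for one workstation session (not real data).
# Assumed scenario: a document opened from Outlook spawns cmd.exe and then powershell.exe.
EVENTS: List[ProcEvent] = [
    ProcEvent(4, 0, "System", "NT AUTHORITY\\SYSTEM", "2024-03-11T08:00:00"),
    ProcEvent(620, 4, "C:\\Windows\\System32\\smss.exe", "NT AUTHORITY\\SYSTEM", "2024-03-11T08:00:01"),
    ProcEvent(840, 620, "C:\\Windows\\System32\\winlogon.exe", "NT AUTHORITY\\SYSTEM", "2024-03-11T08:00:02"),
    ProcEvent(3100, 840, "C:\\Windows\\System32\\userinit.exe", "CORP\\alice", "2024-03-11T08:05:09"),
    ProcEvent(3180, 3100, "C:\\Windows\\explorer.exe", "CORP\\alice", "2024-03-11T08:05:10"),
    ProcEvent(4410, 3180, "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "CORP\\alice", "2024-03-11T08:07:30"),
    ProcEvent(5120, 4410, "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CORP\\alice", "2024-03-11T08:12:44"),
    ProcEvent(5388, 5120, "C:\\Windows\\System32\\cmd.exe", "CORP\\alice", "2024-03-11T08:13:02"),
    ProcEvent(5400, 5388, "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CORP\\alice", "2024-03-11T08:13:03"),
]

# Images treated as the boundary where a human in an interactive session starts launching things.
# This set is an assumption for the example; extend it (RDP shells, terminals) for your environment.
USER_ENTRY_IMAGES = {"explorer.exe", "userinit.exe"}


def basename(image: str) -> str:
    """Lower-cased file name of an image path, tolerant of either slash style."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def index_by_pid(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    """Map PID -> event. Real logs reuse PIDs: key on ProcessGuid or (pid, creation time) there."""
    return {e.pid: e for e in events}


def ancestry(events: List[ProcEvent], pid: int) -> List[ProcEvent]:
    """Parent links from pid up to the root, or until the parent's record is missing.

    Stops on a repeated PID so a recycled or corrupt parent link cannot loop forever.
    """
    idx = index_by_pid(events)
    chain: List[ProcEvent] = []
    seen = set()
    cur = idx.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = idx.get(cur.ppid)
    return chain


def user_origin(events: List[ProcEvent], pid: int) -> Optional[ProcEvent]:
    """Nearest ancestor that is a user-session entry point, or None if none was logged."""
    for e in ancestry(events, pid):
        if basename(e.image) in USER_ENTRY_IMAGES:
            return e
    return None


def origin_chain(events: List[ProcEvent], pid: int) -> List[ProcEvent]:
    """Chain from pid back to and including the entry point; the whole ancestry if none is found."""
    chain: List[ProcEvent] = []
    for e in ancestry(events, pid):
        chain.append(e)
        if basename(e.image) in USER_ENTRY_IMAGES:
            break
    return chain


def first_user_launched(events: List[ProcEvent], pid: int) -> Optional[ProcEvent]:
    """The process the user launched directly from the entry point (child of explorer/userinit)."""
    chain = origin_chain(events, pid)
    if len(chain) >= 2 and basename(chain[-1].image) in USER_ENTRY_IMAGES:
        return chain[-2]
    return None


def describe(events: List[ProcEvent], pid: int) -> str:
    """Human-readable chain such as 'powershell.exe(5400) <- cmd.exe(5388) <- ...'."""
    return " <- ".join(f"{basename(e.image)}({e.pid})" for e in origin_chain(events, pid))


if __name__ == "__main__":
    print(describe(EVENTS, 5400))
    origin = user_origin(EVENTS, 5400)
    launched = first_user_launched(EVENTS, 5400)
    if origin and launched:
        print(f"session entry {basename(origin.image)} at {origin.utc_time} by {origin.user}; "
              f"user launched {basename(launched.image)} at {launched.utc_time}")
```

Two caveats matter in practice: a chain that ends without reaching an entry-point image usually means logging started after the parent was created (or the parent was a service), not that no user was involved; and PIDs are reused, so on real data the lookup key should be the ProcessGuid or the PID plus creation time rather than the bare PID used here.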

🗳 Evidence Collection And Preservation

This section is still in question. It probably needs to be sorted across the different artefacts; it is hard to use at the moment.

📜 Artefacts DB

ðŸ•ķïļ Anti-Forensics

🩻 Data Recovery

To detect and respond to incidents quickly, there are playbooks, which are essentially step-by-step guidelines. Some IR frameworks include these to ease the process.

📚 OSINT Techniques

This is all about searching for information that is publicly available.

👀 Interesting Observations

I will be collecting random things I've noticed about how people use IT systems.