📜 Artefacts DB

In order to detect and response to the incidents in a short time, there are playbooks which are basically guidelines. Some IR frameworks have these included in order to ease the process.

🪵 Logs

In order to detect and response to the incidents in a short time, there are playbooks which are basically guidelines. Some IR frameworks have these included in order to ease the process.

💬 RAM Extraction And Analysis

In order to detect and response to the incidents in a short time, there are playbooks which are basically guidelines. Some IR frameworks have these included in order to ease the process.

📝 Account Information Analysis

🖥 System Information

Windows Installed programs and applications Key 🔑: Microsoft\Windows\CurrentVersion\Uninstall. There can be some data for programs that do not exist on the system anymore.

Android /data/data/com.google.android.apps.maps/databases/gmm_storage.db # User Photos /data/media/0/DCIM/Camera /data/data/com.androidproviders.media/databases/external.db /data/media/0/bluetooth /data/media/0/Download /data/media/0/Pictures/Screenshots /data/media/0/Pictures/Twitter iOS /private/var/mobile/Containers/Data/Application/[APPGUID]/Library/Maps/GeoHistory.mapsdata /private/var/mobile/Containers/Data/Application/[APPGUID]/Library/Maps/GeoBookmarks.plist /private/var/mobile/Library/Caches/com.apple.routined/Cache.sqlite /private/var/mobile/Library/Caches/com.

📜 Artefacts DB

👥 Communication

👀 Browser Activity

👣 Persistance Mechanisms

🪜 Evidence Of Process Escalation

🪵 Logs

💬 RAM Extraction And Analysis

⚙️ Windows Config

📝 Account Information Analysis

🖥 System Information

🌍 Geo Location