Operational

DFIR Knowledge Assistant

209 forensic artifacts. 51 investigation procedures. 70 acquisition methods.

I'm handling an incident

Guided playbooks by incident type and lifecycle stage

Open Playbooks

I need to look something up

Browse artifacts, blockers, and reference material

Open Knowledge Base
209
Forensic Artifacts
51
Investigation Procedures
70
Acquisition Methods
18
Investigation Blockers

Incident Playbooks

View all
🔒

Ransomware

Encryption-based extortion attack targeting files, databases, or entire systems with ransom demands for decryption keys.

33 procedures
🎣

Phishing

Social engineering attack delivered via email, SMS, or messaging platforms designed to harvest credentials or deliver malicious payloads.

29 procedures
📤

Data Exfiltration

Unauthorized transfer of sensitive data outside the organization through network channels, cloud services, or removable media.

24 procedures
👤

Insider Threat

Malicious or negligent activity by an authorized user, employee, contractor, or business partner that compromises data or systems.

25 procedures
Sponsored

Knowledge Base

Browse all
24
Authentication & Access
22
Execution Evidence
20
Persistence Mechanisms
17
Filesystem & Timeline
29
User Activity
26
System Configuration
8
Memory & Live State
4
Email Security

Lifecycle Overview

Triage
Containment
Preservation
Collection
Analysis
Eradication
Recovery
Post-Incident Review