Downloads

Complete reference guide for Windows forensic artifacts including registry, event logs, filesystem, and execution evidence.

Complete reference guide for Linux forensic artifacts including auth logs, systemd journal, Docker, and filesystem evidence.

Complete reference guide for macOS forensic artifacts including unified log, FSEvents, spotlight, and keychain evidence.

Complete reference guide for Microsoft 365 and Azure forensic artifacts including UAL, Azure AD, and mailbox audit.

Reference guide for AWS forensic artifacts including CloudTrail, IAM, STS, GuardDuty, EC2, EKS, and VPC telemetry.

Reference guide for Google Workspace forensic artifacts including admin, login, Gmail, Drive, OAuth, Takeout, and Vault evidence.

Collection of KQL queries extracted from all runbook procedures for Microsoft Sentinel and Defender.

Collection of Splunk SPL queries extracted from all runbook procedures for threat hunting and investigation.

Step-by-step guide for acquiring forensic evidence from Windows systems including disk, memory, triage, and remote methods.

Step-by-step guide for acquiring forensic evidence from Linux systems including disk, memory, container, and cloud methods.

Step-by-step guide for acquiring forensic evidence from macOS systems including Target Disk Mode, memory, and remote methods.

Step-by-step guide for acquiring forensic evidence from iOS devices including physical, logical, and cloud methods.

Step-by-step guide for acquiring forensic evidence from Android devices including ADB, chip-off, and JTAG methods.

Complete starter bundle for ransomware incidents: cheatsheet, relevant artifacts, and query pack combined.

Complete starter bundle for phishing incidents: cheatsheet, M365 artifacts, and email investigation queries.

Complete starter bundle for data exfiltration incidents: cheatsheet, network artifacts, and DLP queries.

Complete starter bundle for insider threat investigations: cheatsheet, user activity artifacts, and monitoring queries.