Knowledge Base
Browse forensic artifacts and investigation blockers. Your reference library for DFIR evidence sources, tools, and pivot strategies.
Forensic Artifacts
209 artifacts across 5 platforms
Comprehensive reference for forensic evidence sources including file locations, forensic value, required tools, and collection procedures.
Windows: 46
Linux: 30
macOS: 29
M365 / Azure: 24
Network: 22
Investigation Blockers
18 common obstacles with pivot strategies
When your investigation hits a wall, find the matching blocker for signals, pivot actions, and alternate evidence sources to keep moving.
No EDR Agent on Compromised Hosts
Critical Logs Rotated/Overwritten Before Collection
BitLocker/Encrypted Drives Preventing Forensic Imaging
No PCAP or NetFlow Data Available
+14 more blockers
Artifact Categories
Authentication & Access: 24
Execution Evidence: 22
Persistence Mechanisms: 20
Filesystem & Timeline: 17
User Activity: 29
System Configuration: 26
Memory & Live State: 8
Email Security: 4
Identity & Directory: 5
Cloud Infrastructure: 3
Data Access & Storage: 4
Network Traffic: 14
Perimeter Security: 6
DNS Analysis: 3
Communication: 10
Location Data: 8
Web Activity: 6