Knowledge Base

Browse forensic artifacts and investigation blockers. Your reference library for DFIR evidence sources, tools, and pivot strategies.

Forensic Artifacts

286 artifacts across 7 platforms

Comprehensive reference for forensic evidence sources including file locations, forensic value, required tools, and collection procedures.

61Windows41Linux35macOS60Cloud & SaaS22Network33iOS34Android

Investigation Blockers

21 common obstacles with pivot strategies

When your investigation hits a wall, find the matching blocker for signals, pivot actions, and alternate evidence sources.

No EDR Agent on Compromised Hosts
Critical Logs Rotated/Overwritten Before Collection
BitLocker/Encrypted Drives Preventing Forensic Imaging
No PCAP or NetFlow Data Available

+17 more

Artifact Categories

View all
Authentication & Access
33
Execution Evidence
34
Persistence Mechanisms
23
Filesystem & Timeline
20
User Activity
35
System Configuration
35
Memory & Live State
8
Email Security
5
Identity & Directory
10
Cloud Infrastructure
16
Data Access & Storage
8
Network Traffic
19
Perimeter Security
6
DNS Analysis
5
Communication
14
Location Data
9
Web Activity
6