Introduction
Recommended Reading
Incident Handling
1. User Accounts
1.1. Local User Accounts
1.2. Active Directory Accounts
1.3. Forensic Artifacts
2. Lateral Movement
2.1. Forensic Artifacts
3. Persistence
3.1. Cron Jobs
3.2. Autostart
3.3. Forensic Artifacts
4. Execution
5. Web Artifacts
6. Open Ports / Active Connections
7. DNS Cache Records
8. Log Analysis
8.1. Audit Log
8.2. System Log
8.3. Security Log
8.4. Logon Attempts
8.5. Scheduled Task Execution
8.6. Installed Applications
9. System
About
Digital forensics & Intrusion Response Playbook - *nix OS
About
Author: Jayaram Sreevalsan
License: MIT