Windows Artifacts

Windows Artifacts taxonomy generated by the site skill importer.

4 skills
analyzing-windows-shellbag-artifacts

by mukul975

analyzing-windows-shellbag-artifacts helps DFIR analysts interpret Windows ShellBag registry artifacts (stored under NTUSER.DAT and UsrClass.dat) to reconstruct folder browsing, access to folders that have since been deleted, removable media use, and network share activity, using SBECmd and ShellBags Explorer. It is a practical guide for incident response and forensics work.

Digital Forensics
detecting-t1003-credential-dumping-with-edr

by mukul975

detecting-t1003-credential-dumping-with-edr is a threat-hunting skill that correlates EDR telemetry, Sysmon, and Windows event logs to detect dumping of LSASS memory, the SAM hive, NTDS.dit, LSA secrets, and cached domain credentials (ATT&CK T1003). Use it to validate alerts, scope incidents, and reduce false positives with practical workflow guidance.

Threat Hunting
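As an added example of the Sysmon side of this hunt (not code from the skill itself), the script below flags Sysmon Event ID 10 (ProcessAccess) records that open lsass.exe with PROCESS_VM_READ, the right every memory dumper needs. The sample events, the source-image allowlist and the user-writable path list are constructed for illustration and must be tuned to your environment; the access-mask constants are the standard Win32 process rights.

```python
"""Hunt Sysmon Event ID 10 (ProcessAccess) records for reads of lsass.exe memory
(ATT&CK T1003.001). Added example, not part of any listed skill. Sample events
and the source-image allowlist below are constructed for illustration."""
import xml.etree.ElementTree as ET

EVT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Win32 process rights. Any mask with PROCESS_VM_READ set can copy LSASS memory:
# 0x1010 is the classic mimikatz mask, 0x1FFFFF (PROCESS_ALL_ACCESS) is what
# MiniDumpWriteDump callers such as comsvcs.dll request.
PROCESS_VM_READ = 0x0010
PROCESS_ALL_ACCESS = 0x1FFFFF

# Constructed allowlist: AV/EDR engines legitimately open LSASS. Tune per estate.
DEFAULT_ALLOWLIST = {
    r"c:\program files\windows defender\msmpeng.exe",
}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")


def parse_sysmon_event(xml_text):
    """Flatten one exported Sysmon event into {EventID: int, <Data Name>: value}."""
    root = ET.fromstring(xml_text)
    ev = {"EventID": int(root.find(f"./{EVT_NS}System/{EVT_NS}EventID").text)}
    for d in root.iterfind(f"./{EVT_NS}EventData/{EVT_NS}Data"):
        ev[d.get("Name")] = d.text or ""
    return ev


def score_lsass_access(ev, allowlist=DEFAULT_ALLOWLIST):
    """Return a finding dict for a suspicious LSASS access, or None."""
    if ev.get("EventID") != 10:
        return None
    if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        return None
    access = int(ev.get("GrantedAccess", "0"), 16)
    if not access & PROCESS_VM_READ:
        return None  # e.g. 0x1000 QUERY_LIMITED_INFORMATION: Task Manager, not a dump
    source = ev.get("SourceImage", "").lower()
    unbacked = "UNKNOWN(" in ev.get("CallTrace", "")
    # An allowlisted engine gets a pass only with a clean call stack; a frame in
    # unbacked memory inside that same process (injection) must still fire.
    if source in allowlist and not unbacked:
        return None
    severity = "high" if (unbacked or any(p in source for p in USER_WRITABLE)) else "medium"
    reasons = [f"GrantedAccess=0x{access:X}"]
    if access == PROCESS_ALL_ACCESS:
        reasons.append("PROCESS_ALL_ACCESS")
    if unbacked:
        reasons.append("CallTrace has UNKNOWN frame")
    return {"source": ev["SourceImage"], "severity": severity, "reasons": reasons}


def hunt(xml_events, allowlist=DEFAULT_ALLOWLIST):
    """Score every exported event and return the findings in input order."""
    findings = []
    for xml_text in xml_events:
        finding = score_lsass_access(parse_sysmon_event(xml_text), allowlist)
        if finding:
            findings.append(finding)
    return findings


def _event(source, target, access, calltrace):
    """Build a constructed Sysmon Event ID 10 record in exported-XML shape."""
    return f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>10</EventID></System>
  <EventData>
    <Data Name="SourceImage">{source}</Data>
    <Data Name="TargetImage">{target}</Data>
    <Data Name="GrantedAccess">{access}</Data>
    <Data Name="CallTrace">{calltrace}</Data>
  </EventData>
</Event>"""


LSASS = r"C:\Windows\system32\lsass.exe"
SAMPLE_EVENTS = [  # constructed
    _event(r"C:\Users\bob\Downloads\mm.exe", LSASS, "0x1010",
           r"C:\Windows\SYSTEM32\ntdll.dll+9d3e4|UNKNOWN(000001C7A2B40A10)"),
    _event(r"C:\Program Files\Windows Defender\MsMpEng.exe", LSASS, "0x1FFFFF",
           r"C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Windows\System32\KERNELBASE.dll+2a4b1"),
    _event(r"C:\Windows\System32\rundll32.exe", LSASS, "0x1FFFFF",
           r"C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Windows\System32\comsvcs.dll+1a2f0"),
    _event(r"C:\Windows\System32\Taskmgr.exe", LSASS, "0x1000",
           r"C:\Windows\SYSTEM32\ntdll.dll+9d3e4|C:\Windows\System32\KERNELBASE.dll+2a4b1"),
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["source"], "; ".join(f["reasons"]))
```

The allowlist is keyed on the full lowercase source path rather than the file name so that a dropper named MsMpEng.exe in a user profile still fires, and the CallTrace check is what separates a legitimately allowlisted engine from one that has been injected into; in a real hunt the next correlation step is the Sysmon Event ID 11 (FileCreate) or EDR file-write that follows, which shows where the dump landed.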
extracting-memory-artifacts-with-rekall

by mukul975

extracting-memory-artifacts-with-rekall is a guide to analyzing Windows memory images with Rekall. It covers installation and usage patterns for finding hidden processes, injected code, suspicious VADs, loaded DLLs, and network activity. Note that Rekall is no longer actively maintained, so check its profile support against the Windows build you are analyzing before relying on it.

Digital Forensics
extracting-browser-history-artifacts

by mukul975

extracting-browser-history-artifacts is a Digital Forensics skill for extracting browser history, cookies, cache, downloads, and bookmarks from Chrome, Firefox, and Edge profiles. Use it to turn profile files into timeline-ready evidence with a repeatable, case-focused workflow.

Digital Forensics
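The step that most often goes wrong when browser history is turned into a timeline is the timestamp epoch: Chrome and Edge store microseconds since 1601-01-01 UTC (WebKit time) while Firefox stores microseconds since 1970-01-01 UTC (PRTime). As an added example, not code from the skill, the script below reads visits from a Chrome/Edge History database and a Firefox places.sqlite, normalizes both to UTC, and decodes the Chromium transition type. The in-memory databases are constructed with only the columns the example reads; real profiles carry many more columns and are locked while the browser runs, so always work on a copy.

```python
"""Merge Chrome/Edge History and Firefox places.sqlite visits into one UTC
timeline. Added example, not code from the listed skill. The sample databases
are constructed with reduced schemas for illustration."""
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)   # Chrome/Edge
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)     # Firefox PRTime

# Chromium PageTransition: the core type lives in the low byte of visits.transition;
# the high bits are qualifiers such as CHAIN_START/CHAIN_END and redirects.
CORE_MASK = 0xFF
CORE_TYPES = {0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME",
              4: "MANUAL_SUBFRAME", 5: "GENERATED", 6: "AUTO_TOPLEVEL",
              7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD", 10: "KEYWORD_GENERATED"}


def webkit_to_utc(us):
    """Chrome/Edge: microseconds since 1601-01-01 UTC; 0 means 'no timestamp'."""
    return None if not us else WEBKIT_EPOCH + timedelta(microseconds=us)


def prtime_to_utc(us):
    """Firefox: microseconds since 1970-01-01 UTC; 0/NULL means 'no timestamp'."""
    return None if not us else UNIX_EPOCH + timedelta(microseconds=us)


def chrome_visits(conn):
    """Each row of visits joined to its urls entry, timestamp normalized to UTC."""
    rows = conn.execute(
        "SELECT v.visit_time, u.url, u.title, v.transition "
        "FROM visits v JOIN urls u ON u.id = v.url").fetchall()
    return [{"browser": "chrome", "when": webkit_to_utc(t), "url": url, "title": title,
             "transition": CORE_TYPES.get(tr & CORE_MASK, f"UNKNOWN({tr & CORE_MASK})")}
            for t, url, title, tr in rows]


def firefox_visits(conn):
    """Each row of moz_historyvisits joined to moz_places, normalized to UTC."""
    rows = conn.execute(
        "SELECT h.visit_date, p.url, p.title "
        "FROM moz_historyvisits h JOIN moz_places p ON p.id = h.place_id").fetchall()
    return [{"browser": "firefox", "when": prtime_to_utc(t), "url": url, "title": title,
             "transition": None} for t, url, title in rows]


def timeline(chrome_conn, firefox_conn):
    """All visits from both browsers, undated rows dropped, oldest first."""
    events = chrome_visits(chrome_conn) + firefox_visits(firefox_conn)
    return sorted((e for e in events if e["when"]), key=lambda e: e["when"])


def build_sample_dbs():
    """Constructed stand-ins for History and places.sqlite (reduced schemas)."""
    ch = sqlite3.connect(":memory:")
    ch.executescript("""
        CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT, title TEXT, last_visit_time INTEGER);
        CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER, transition INTEGER);
        -- 13353768000000000 us after 1601-01-01 is 2024-03-01 12:00:00 UTC
        INSERT INTO urls VALUES (1, 'https://example.test/login', 'Login', 13353768000000000);
        -- 805306369 = 0x30000001 = CHAIN_START|CHAIN_END|TYPED: the user typed this URL
        INSERT INTO visits VALUES (1, 1, 13353768000000000, 805306369);
    """)
    ff = sqlite3.connect(":memory:")
    ff.executescript("""
        CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);
        -- 1709294460000000 us after 1970-01-01 is 2024-03-01 12:01:00 UTC
        INSERT INTO moz_places VALUES (7, 'https://files.example.test/payload.zip', 'payload.zip');
        INSERT INTO moz_historyvisits VALUES (1, 7, 1709294460000000);
    """)
    return ch, ff


if __name__ == "__main__":
    chrome_db, firefox_db = build_sample_dbs()
    for e in timeline(chrome_db, firefox_db):
        print(e["when"].isoformat(), e["browser"], e["transition"] or "-", e["url"])
```

Keeping the conversion in timedelta arithmetic rather than dividing to a float and calling fromtimestamp preserves microsecond precision, which matters when you later order a browser visit against a download or a Sysmon event from the same second; the TYPED versus LINK distinction from the transition byte is what lets you argue the user deliberately navigated to a URL rather than being redirected there.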