← RETURN TO BASE
Offensive Security

Digital Forensics

Post-mortem analysis of systems to solve digital crimes.

INCLUDED IN:
SOC Operations & Incident Response

Operational Phase

01

Disk Imaging

Creating bit-for-bit copies (E01) without altering data.

02

File Systems

FAT32, NTFS, EXT4 structures and deleted file recovery.

03

Artifact Analysis

Prefetch, Shimcache, and Amcache analysis.

04

Timeline Creation

Reconstructing the sequence of events.