Memory
Memory Forensics Investigation
Volatility-based investigation of a compromised Windows memory image to identify suspicious processes, command history, network connections, injected code indicators, and evidence suitable for an incident timeline.
VOLATILITYMEMORYWINDOWSTIMELINE
Network
Network Forensics PCAP Analysis
Wireshark-led packet investigation focused on suspicious sessions, DNS activity, TLS metadata, protocol anomalies, IOC extraction, and clear evidence notes for escalation.
WIRESHARKPCAPIOCNETWORK
Incident Response
Windows Event Log Investigation
Event log triage workflow for authentication activity, PowerShell execution, service creation, scheduled tasks, persistence hints, and high-confidence incident response findings.
EVENT LOGSPOWERSHELLIRSIEM
Evidence
Digital Evidence Handling Report
Forensic reporting workflow covering acquisition notes, chain of custody, hashing, artifact documentation, examiner observations, and defensible findings.
EVIDENCEHASHINGREPORTINGCHAIN OF CUSTODY
Network
Advanced TLS Sniffer
TLS traffic analysis tool for extracting SNI, certificates, cipher suites, JA3-style fingerprints, and encrypted traffic clues useful during threat hunting and network forensics.
PYTHONTLSSCAPYFORENSICS
Threat Hunting
IOC Extractor and Triage Notes
Investigation helper for extracting IPs, domains, hashes, URLs, and suspicious strings from reports and logs, then organizing them for enrichment and containment decisions.
IOCTHREAT HUNTINGLOGSPYTHON
Disk
Disk Artifact Explorer
Disk forensics practice focused on file system artifacts, browser traces, deleted-file clues, user activity, timestamps, and examiner notes for a final investigation report.
AUTOPSYFTK IMAGERDISKARTIFACTS
Incident Response
Incident Timeline Generator
Timeline-first workflow that combines log entries, file timestamps, packet evidence, and analyst notes to reconstruct attack activity from detection through containment.
TIMELINEIRLOG ANALYSISEVIDENCE