Chapter 5 of 10 · DFIR

🪟 The attacker cleared the Security log. Windows kept the receipts.

SolarWinds, NotPetya, WannaCry. Every one was reconstructed from Sysmon, Event 4624, Prefetch, and Amcache. Learn the artifacts attackers forget. 📋

Premium Chapter
