Logparser play of a forensicator

My guru, I won’t name him, but he knows who he is, told me one day that what we do is not exactly forensics; it’s actually Root Cause Analysis to find out how a security incident happened, so once we know that root cause we can do multiple things, from ensuring preventions to mitigations and performing recovery….


Event-based network trace collection using PowerShell

This post is like a new version of my old post. In this example I’m using event ID 1502, which gets generated when gpupdate completes successfully. This is an event you can generate on a domain-joined machine by running gpupdate /force, so to test, that’s what I do. In sequential order, the PowerShell script…


When malware spreads on the network: panic, magic vs calmness, sanity

I love to talk about things that amaze me, and this one is also one of the interesting ones. However, I will quickly come to the point. So there was a situation where a network admin was in a real panic state. He was seeing very weird behaviour on a few machines on the network. He was using…


Business need for Security Incident Management

It’s been a while since I was here at my blog. Believe me, breaks work in amazing ways. This article is primarily for an information security audience. But it won’t hurt non-security folks either, as it would make sense to anybody. Many organisations even now don’t have an information security program and obviously do not have a security incident program,…