Blue Team Labs

Investigate iOS device artifacts using iLEAPP and SQLite Browser to identify anomalous user behavior and potential illicit activity.

Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.

Learn to investigate a domain controller compromise by analyzing logs, memory, and artifacts to uncover attacker tactics, persistence methods, and the full intrusion timeline.

Analyze a memory dump with Volatility to uncover hidden Emotet malware, investigate its code injection, and reconstruct kernel-level evasion tactics like DKOM.

Evaluate a memory image using Volatility and forensic tools to reconstruct the attack chain initiated by a malicious PDF with JavaScript.

Correlate diverse forensic artifacts from memory, registry, browser, and NTFS logs using advanced tools like Mimikatz, Ghidra, and CyberChef to reconstruct a complex data breach and C2 infrastructure.