Blue Team Labs

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Investigate network attack artifacts by analyzing logs in Kibana to identify compromised systems and incident timelines.

Apply open-source intelligence (OSINT) techniques using Whois, Wayback Machine, and Google Lens to investigate digital footprints and extract specific information.

Analyze diverse network traffic using Wireshark to decrypt HTTPS, identify protocol misconfigurations, and extract critical network and system forensic artifacts.

Evaluate a Windows disk image by correlating registry, event log, browser, and MFT artifacts to reconstruct evidence of corporate secret exfiltration.

Analyze a jailbroken iOS device's system files, SQLite databases, and application data using forensic tools to reconstruct user activity and identify installed applications.

Analyze diverse file types including binaries, obfuscated scripts, and corrupted archives using tools like Cutter, hex editors, and debuggers to extract hidden flags and reverse custom encryption.

Investigate macOS disk images using Autopsy, mac_apt, and SQLite to identify and extract hidden data potentially concealed with steganography.

Evaluate forensic artifacts from a disk image to confirm unauthorized port scanning and assess user intent for installing illegal applications.

Reconstruct a data exfiltration incident by correlating memory, disk, network, and log artifacts using a suite of forensic tools.