Posts
-
File Carving: Encrypted Virtual Hard Disks
A significant development in ransomware attacks in recent years is the encryption of virtual hard disks. Is there a way to obtain at least some data out of these encrypted disks?
-
Puzzle Pieces: RDP Bitmap Cache
Learn how the RDP Bitmap Cache provides valuable snippets that fill gaps in forensic investigations, revealing Threat Actors activities during RDP sessions.
-
Data Exfiltration in M365: Rclone Meets SharePoint
A Business Email Compromise can lead to data exfiltration from entire SharePoint.