London, UK - Cyber security professional specialising in detection and response, sporadically blogging about technology and life to scratch a writing itch from a previous life as a journalist

Recent blog posts

Investigating external network connections with netstat and OSINT
 -  When investigating a potentially compromised Windows computer, as well as looking at logs, files, and processes, it’s important to check its current network connections. Here’s how to retrieve that data with netstat and make sense of it. Gathering data with netstat First, open a Command Prompt window and use netstat...
The challenges and benefits of quitting Facebook and other social networks
 -  I’ve been sticking to several new year’s resolutions in 2019, including learning languages, staying fit, and working on geeky projects – and leaving Facebook has helped to give me the time and focus I’ve needed to stay on track. Normally my last post of each month goes off-topic and covers...
Six lessons in strategy, management and teamwork from F1 boss Ross Brawn
 -  Formula 1 technical director and former Brawn GP team principal Ross Brawn gives his perspectives on strategy and decision making in his book Total Competition – and there are more parallels with cyber security than you might think. You could make a good case that Formula 1 shares a lot with...
Python tools for Windows forensics: Microsoft Office recent files
 -  Adding to our growing Python forensics tool for Windows, let’s take a look at any Microsoft Office documents the user has recently opened and when they were first and last opened, and add all of this information to our timeline. What are Office files and how do they help our...
Raspberry Pi Home Hub: Building and sending a daily email briefing
 -  The next feature for my Raspberry Pi Home Hub is a Python script that will automatically send an email briefing every morning. In this post I’ll be creating the template, populating it with up-to-date information, and sending it with Yagmail. How the email briefing will work The specifications for my...
An introduction to the Agile project management framework
 -  Agile is unavoidable in modern corporate IT, and it is therefore an inescapable part of life as a cyber security professional. Here’s a brief introduction to the project management framework’s key priorities, players, and processes. While I’ve written about some interesting technical subjects (and will continue to do so), I...
Python tools for Windows forensics: Extracting a user’s Google Chrome history
 -  Web browsing data can tell an analyst a lot about what happened on a system before they got their hands on it. Here’s how to extract the history of the most popular browser – Google Chrome – with a new Python module for our forensics tool. What is the Chrome...
Raspberry Pi Home Hub: Building the news and weather screen
 -  Last month I introduced my new project for 2019 – building a Raspberry Pi Home Hub with Python. Now it’s time to start coding the modules to generate the information screens, starting with the latest news, weather, and Tube updates. How the news screen will work As per the specifications...
SQL ALTER TABLE: Adding, modifying, and dropping columns in a SQL table
 -  It’s been a while since I’ve written anything new for the series documenting my SQL learning, so this week I’m going to explain the various ways you can add, modify, and drop columns in a table using the ALTER TABLE statement. Many SQL database management systems provide nice graphical interfaces...
Python tools for Windows forensics: Windows Security event log
 -  This month’s new module for the MCAS Windows Forensic Gatherer queries the Windows Security event log to gather information on the user’s logon and logoff activities, helping us to determine exactly when they were using the system. What is the Windows Security event log and how does it help our...

Thinking about

Digital journalism
Coincidentally, in the space of a week I encountered both Zach Seward's article about Quartz and Craig Mod's excellent podcasts with Tim Ferriss. Both evoked fond memories of my time in journalism and the buzz surrounding digital journalism and media in the 2010s.

Interests

  • Cyber security
  • Tech
  • Python
  • PowerShell
  • JavaScript
  • F1
  • Reading
  • Writing
  • Psychology
  • Philosophy
  • Exercise
  • Running
  • Gaming
  • Football
  • Music
  • Guitar