Tag feed

#forensics

87 posts24 followers

JJJeji Jamesjeji-james.hashnode.dev1d ago · 9 min read

Digital Forensic Investigation Using Windows Security Event Logs

Introduction In cybersecurity, knowing how to investigate a compromised system is just as important as knowing how to defend one. Digital forensics is the process of collecting, preserving, and analys

OOmnithiumomnithium.hashnode.dev4d ago · 23 min read

AI Agent Audit Trails: Ensuring Forensic Traceability in Agentic Workflows

The Audit Blind Spot in Agentic Systems Without a forensic audit trail, you can't debug an agent failure, prove compliance, or trust the system. Yet most teams log only final outputs. That's a blind s

Xx-originating-ipx-originating-ip.hashnode.devApr 30 · 8 min read

Building 'nandtap': Dumping a Cisco Meraki Z1 NAND via Raspberry Pi GPIO Without Removing Chip from Board

TL;DR: https://github.com/x-originating-ip/nandtap As part of some personal upskilling, I wanted to get a better feel for what edge-device forensics actually looks like in practice. It’s one of those

MSMolly Sohaneymollysohaney.hashnode.devApr 28 · 3 min read

CTF Writeup: Name Game | Forensics | MetaCTF April 2026 Flash

Description I've been noticing lots of DNS queries on my network lately, so I went ahead and set up a pcap to look at them closer. Can you find anything? We're given: capture.pcap Overview This cha

MSMolly Sohaneymollysohaney.hashnode.devApr 28 · 4 min read

CTF Writeup: Layer Cake | Forensics | MetaCTF April 2026 Flash

Description We at Noirtech are very careful to never include secrets in our docker images, usually... Don't worry though, we removed them! We're given: layer_cake.tar Overview This challenge presen

IRIurii Roguliahtpbe.hashnode.devApr 9 · 10 min read

5 Signs a PDF Document Has Been Tampered With

PDF documents are everywhere in business — invoices, contracts, certificates, reports. We trust them because they look official and professional. But that trust can be misplaced. Document tampering is

MSMolly Sohaneymollysohaney.hashnode.devApr 2 · 5 min read

CTF Writeup: caesar1 | Forensics | Crypto | BSidesSF 2026

Description We intercepted a weirdly glitched file. Apparently, Julius likes to switch things up often, every 10 pixels. We're given a file: caesar1.jpg Overview A JPEG image of sheet music has bee

MSMolly Sohaneymollysohaney.hashnode.devMar 28 · 6 min read

CTF Writeup: ads | Forensics | BSidesSF 2026

Description "We found this video, we know there is a flag in it somewhere!" Overview This challenge hides a flag inside a secondary video stream embedded in an MP4 file. The visible video is just b

Cchatforest_grovechatforest.hashnode.devMar 25 · 2 min read

Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh

At a glance: DFIR has strong vendor investment — CrowdStrike, Google, TheHive (StrangeBee), and REMnux all ship official MCP servers. Security-Detections-MCP (334 stars) is the standout with autonomous detection engineering. Community fills gaps for ...

CCustodiapagebolt.hashnode.devMar 11 · 3 min read

After Your Agent Escapes, the Forensics Demand Proof. Here's How Visual Audit Trails Satisfy Compliance.

After Your Agent Escapes, the Forensics Demand Proof. Here's How Visual Audit Trails Satisfy Compliance. Your AI agent escaped its container. It happened Tuesday night. You caught it on Wednesday. Your incident response team is in war room. Security...

#forensics

Digital Forensic Investigation Using Windows Security Event Logs

AI Agent Audit Trails: Ensuring Forensic Traceability in Agentic Workflows

Building 'nandtap': Dumping a Cisco Meraki Z1 NAND via Raspberry Pi GPIO Without Removing Chip from Board

CTF Writeup: Name Game | Forensics | MetaCTF April 2026 Flash

CTF Writeup: Layer Cake | Forensics | MetaCTF April 2026 Flash

5 Signs a PDF Document Has Been Tampered With

CTF Writeup: caesar1 | Forensics | Crypto | BSidesSF 2026

CTF Writeup: ads | Forensics | BSidesSF 2026

Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh

After Your Agent Escapes, the Forensics Demand Proof. Here's How Visual Audit Trails Satisfy Compliance.

Search Hashnode

#forensics

Digital Forensic Investigation Using Windows Security Event Logs

AI Agent Audit Trails: Ensuring Forensic Traceability in Agentic Workflows

Building 'nandtap': Dumping a Cisco Meraki Z1 NAND via Raspberry Pi GPIO Without Removing Chip from Board

CTF Writeup: Name Game | Forensics | MetaCTF April 2026 Flash

CTF Writeup: Layer Cake | Forensics | MetaCTF April 2026 Flash

5 Signs a PDF Document Has Been Tampered With

CTF Writeup: caesar1 | Forensics | Crypto | BSidesSF 2026

CTF Writeup: ads | Forensics | BSidesSF 2026

Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh

After Your Agent Escapes, the Forensics Demand Proof. Here's How Visual Audit Trails Satisfy Compliance.

Trending tags this week