Jeji James in jeji-james.hashnode.dev · 1d ago · 9 min read
Digital Forensic Investigation Using Windows Security Event Logs
Introduction: In cybersecurity, knowing how to investigate a compromised system is just as important as knowing how to defend one. Digital forensics is the process of collecting, preserving, and analys

Omnithium in omnithium.hashnode.dev · 4d ago · 23 min read
AI Agent Audit Trails: Ensuring Forensic Traceability in Agentic Workflows
The Audit Blind Spot in Agentic Systems: Without a forensic audit trail, you can't debug an agent failure, prove compliance, or trust the system. Yet most teams log only final outputs. That's a blind s

x-originating-ip in x-originating-ip.hashnode.dev · Apr 30 · 8 min read
Building 'nandtap': Dumping a Cisco Meraki Z1 NAND via Raspberry Pi GPIO Without Removing Chip from Board
TL;DR: https://github.com/x-originating-ip/nandtap As part of some personal upskilling, I wanted to get a better feel for what edge-device forensics actually looks like in practice. It’s one of those

Molly Sohaney in mollysohaney.hashnode.dev · Apr 28 · 3 min read
CTF Writeup: Name Game | Forensics | MetaCTF April 2026 Flash
Description: I've been noticing lots of DNS queries on my network lately, so I went ahead and set up a pcap to look at them closer. Can you find anything? We're given: capture.pcap. Overview: This cha

Molly Sohaney in mollysohaney.hashnode.dev · Apr 28 · 4 min read
CTF Writeup: Layer Cake | Forensics | MetaCTF April 2026 Flash
Description: We at Noirtech are very careful to never include secrets in our docker images, usually... Don't worry though, we removed them! We're given: layer_cake.tar. Overview: This challenge presen

Iurii Rogulia in htpbe.hashnode.dev · Apr 9 · 10 min read
5 Signs a PDF Document Has Been Tampered With
PDF documents are everywhere in business — invoices, contracts, certificates, reports. We trust them because they look official and professional. But that trust can be misplaced. Document tampering is

Molly Sohaney in mollysohaney.hashnode.dev · Apr 2 · 5 min read
CTF Writeup: caesar1 | Forensics | Crypto | BSidesSF 2026
Description: We intercepted a weirdly glitched file. Apparently, Julius likes to switch things up often, every 10 pixels. We're given a file: caesar1.jpg. Overview: A JPEG image of sheet music has bee

Molly Sohaney in mollysohaney.hashnode.dev · Mar 28 · 6 min read
CTF Writeup: ads | Forensics | BSidesSF 2026
Description: "We found this video, we know there is a flag in it somewhere!" Overview: This challenge hides a flag inside a secondary video stream embedded in an MP4 file. The visible video is just b

chatforest_grove in chatforest.hashnode.dev · Mar 25 · 2 min read
Digital Forensics & Incident Response MCP Servers — CrowdStrike, TheHive, VirusTotal, Volatility, Wazuh
At a glance: DFIR has strong vendor investment — CrowdStrike, Google, TheHive (StrangeBee), and REMnux all ship official MCP servers. Security-Detections-MCP (334 stars) is the standout with autonomous detection engineering. Community fills gaps for ...

Custodia in pagebolt.hashnode.dev · Mar 11 · 3 min read
After Your Agent Escapes, the Forensics Demand Proof. Here's How Visual Audit Trails Satisfy Compliance.
Your AI agent escaped its container. It happened Tuesday night. You caught it on Wednesday. Your incident response team is in war room. Security...