
Daily Blog #765: Sunday Funday 3/2/25

 


Hello Reader,

It's Sunday! This week's challenge is all about Microsoft 365! I know many of you are routinely searching and reviewing Microsoft 365 UAL (Unified Audit Log) records, so let's see what you know!


The Prize:

$100 Amazon Giftcard


The Rules:

  1. You must post your answer before Friday 3/7/25 7PM CST (UTC-6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed, but if a post is deemed to be entirely AI written it will not qualify for a prize.


The Challenge:
 
What log entries are left behind when each of the following occurs?

1. A user searches their own mailbox

2. A user searches their own OneDrive

3. An administrator searches their own mailbox

4. An administrator searches their own OneDrive

5. An administrator searches someone else's mailbox

6. An administrator searches someone else's OneDrive
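A starting point for working through these six cases, added here as an example and not code from the original post: a PowerShell helper that takes raw UAL AuditData JSON (for instance the AuditData property returned by Search-UnifiedAuditLog) and tags each record with who acted, whether that account is on a caller-supplied administrator list, and whether the mailbox or OneDrive touched belongs to the actor. It deliberately does not assert which Operation values a search produces, since that is the question the challenge asks; the Operation strings, account names and tenant URL in the constructed sample records are placeholders, and the administrator list is an assumption. The AuditData field names it reads (CreationTime, UserId, Workload, Operation, MailboxOwnerUPN, LogonType, SiteUrl, ObjectId) are standard ones, and the /personal/<upn with @ and . replaced by _> path is the usual OneDrive personal-site layout.

```powershell
# Added example, not from the original post. Sorts UAL records into the challenge's
# buckets: user vs. admin actor, own vs. someone else's mailbox or OneDrive.
# Operation values in the samples are placeholders; $AdminUpns is a caller assumption.

function Get-UalSearchScope {
    param(
        [Parameter(Mandatory)] [string[]] $AuditData,   # raw AuditData JSON strings
        [string[]] $AdminUpns = @()                     # accounts you treat as administrators
    )
    foreach ($raw in $AuditData) {
        $r      = $raw | ConvertFrom-Json
        $actor  = $r.UserId
        $self   = $false
        $target = $r.ObjectId
        switch ($r.Workload) {
            'Exchange' {
                # Exchange mailbox audit records carry the mailbox owner and a LogonType:
                # 0 = owner, 1 = administrator, 2 = delegate.
                $target = $r.MailboxOwnerUPN
                $self   = ($target -eq $actor) -and ($r.LogonType -eq 0)
            }
            'OneDrive' {
                # A user's own OneDrive is their personal site: /personal/<upn, @ and . -> _>/
                $target = $r.SiteUrl
                $slug   = $actor -replace '[@.]', '_'
                $self   = $r.SiteUrl -like "*/personal/$slug/*"
            }
        }
        $role  = if ($AdminUpns -contains $actor) { 'Admin' } else { 'User' }
        $scope = if ($self) { 'Own' } else { 'Other' }
        [pscustomobject]@{
            Time      = $r.CreationTime
            Actor     = $actor
            ActorRole = $role
            Workload  = $r.Workload
            Operation = $r.Operation
            Target    = $target
            Scope     = $scope
        }
    }
}

# Constructed sample records standing in for real output such as:
#   (Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -ResultSize 5000).AuditData
$samples = @(
    '{"CreationTime":"2025-03-02T14:01:00","UserId":"alice@contoso.com","Workload":"Exchange","Operation":"MailboxSearchPlaceholder","MailboxOwnerUPN":"alice@contoso.com","LogonType":0}',
    '{"CreationTime":"2025-03-02T14:02:00","UserId":"admin@contoso.com","Workload":"Exchange","Operation":"MailboxSearchPlaceholder","MailboxOwnerUPN":"alice@contoso.com","LogonType":1}',
    '{"CreationTime":"2025-03-02T14:03:00","UserId":"alice@contoso.com","Workload":"OneDrive","Operation":"OneDriveSearchPlaceholder","SiteUrl":"https://contoso-my.sharepoint.com/personal/alice_contoso_com/","ObjectId":"https://contoso-my.sharepoint.com/personal/alice_contoso_com/Documents/notes.docx"}',
    '{"CreationTime":"2025-03-02T14:04:00","UserId":"admin@contoso.com","Workload":"OneDrive","Operation":"OneDriveSearchPlaceholder","SiteUrl":"https://contoso-my.sharepoint.com/personal/alice_contoso_com/","ObjectId":"https://contoso-my.sharepoint.com/personal/alice_contoso_com/Documents/notes.docx"}'
)

Get-UalSearchScope -AuditData $samples -AdminUpns 'admin@contoso.com' |
    Format-Table Time, Actor, ActorRole, Workload, Operation, Target, Scope -AutoSize
```

Swap $samples for real AuditData from your tenant and whatever Operation values your testing turns up for each scenario will land in the right row: owner access to one's own mailbox shows as LogonType 0 and Scope Own, an administrator reaching into someone else's mailbox as LogonType 1 and Scope Other, and a OneDrive hit outside the actor's own /personal/ site as Scope Other.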

 

Daily Blog #764: Solution Saturday 3/1/25

 

Hello Reader,

  No winner this week; I think sometimes I'm the only person who is digging into these weird topics. That's OK though, I'll just do the testing myself and document it in future posts!


The Challenge:

On a Windows 11 or Windows 10 system:

1. Make sure Windows Search is enabled

2. Create files with unique phrases such as "This is the smoking gun"

3. Make sure the files are indexed and their contents are present in the Windows Search database

4. Delete the document and determine what triggers removal of its contents from the search database, and how long after deletion that removal happens

Bonus: Determine if the deleted records are recoverable from the database

 

Daily Blog #763: Forensic Test Kitchen trying ChatGPT 4.5!

 


Hello Reader,

Tonight we continued our exploration of Claude 3.7 in the creation of our CloudTrail downloading tool and even took a detour to ChatGPT 4.5, which solved our issues! Watch below and see how our models interpret our rules files.


Daily Blog #762: Forensic Test Kitchen with Cursor Rules


 

Hello Reader,

Tonight we continued to expand our usage of Claude 3.7 in Cursor to see if we can use Cursor rules files to get our model to behave better. Check out the video below:

 

 

Daily Blog #761: Forensic Test Kitchen with more Claude 3.7!

 


Hello Reader,

Tonight Evan Anderson and I went back into the world of AI code development with Claude 3.7. This time we decided to see if we could make it fix its prior error and add async downloads. It didn't end well, but it reinforced to us that in the next stream we need to implement .cursorrules! You can watch below:

 

 

Daily Blog #760: Forensic Lunch Test Kitchen adding role based discovery to our cloudtrail discovery tool

 


Hello Reader,

Today we are continuing our exploration of Claude 3.7 and Cursor to add support for testing AWS roles for CloudTrail location and access to our CloudTrail discovery tool! It did actually work, and we only found one thing that it broke! Watch it below.


Daily Blog #759: Forensic Lunch Test Kitchen with Claude 3.7 and Cursor!

 


Hello Reader,

Today Evan Anderson and I got together and tested out the new Claude 3.7 Sonnet model with Cursor to build an application that finds AWS logs and then transfers them, with some bells and whistles added on. I think you'll be impressed if you see what this new version can do! You can watch it below:

 

 

Daily Blog #758: Sunday Funday 2/23/25

 


Hello Reader,

It's Sunday! This week's challenge is all about the Windows Search index! While we have parsers that support its contents, it's unclear to me when the database is updated/cleared when a file is deleted. Let's see what you all can do!


The Prize:

$100 Amazon Giftcard


The Rules:

  1. You must post your answer before Friday 2/28/25 7PM CST (UTC-6)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
  7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post
  8. AI assistance is welcomed, but if a post is deemed to be entirely AI written it will not qualify for a prize.


The Challenge:

On a Windows 11 or Windows 10 system:

1. Make sure Windows Search is enabled

2. Create files with unique phrases such as "This is the smoking gun"

3. Make sure the files are indexed and their contents are present in the Windows Search database

4. Delete the document and determine what triggers removal of its contents from the search database, and how long after deletion that removal happens

Bonus: Determine if the deleted records are recoverable from the database
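A harness for running the steps above (and the same challenge as restated in Solution Saturday #764), added here as an example and not code from the original posts: it checks that the Windows Search service is running, writes a file carrying the "smoking gun" phrase plus a per-run unique token into an indexed folder, polls the index through the Windows Search OLE DB provider (Search.CollatorDSO, SYSTEMINDEX, CONTAINS) until the token is queryable, deletes the file, and then polls again to time how long the content stays in the index. The folder, poll interval and timeout are illustrative defaults; $Folder must already be inside an indexed location, and Remove-Item is a hard delete that bypasses the Recycle Bin.

```powershell
# Added example, not from the original posts. Measures how long deleted file content
# remains queryable in the live Windows Search index. Defaults are illustrative.

function Search-WindowsIndex {
    param([Parameter(Mandatory)] [string] $Term)
    $conn = New-Object -ComObject ADODB.Connection
    $conn.Open("Provider=Search.CollatorDSO;Extended Properties='Application=Windows';")
    # Quoted term = exact match against indexed content; returns the full path of each hit
    $rs = $conn.Execute("SELECT System.ItemPathDisplay FROM SYSTEMINDEX WHERE CONTAINS('`"$Term`"')")
    $hits = @()
    while (-not $rs.EOF) {
        $hits += [string]$rs.Fields.Item('System.ItemPathDisplay').Value
        $rs.MoveNext()
    }
    $rs.Close(); $conn.Close()
    return $hits
}

function Test-IndexRemovalTiming {
    param(
        [string] $Folder         = "$env:USERPROFILE\Documents",   # indexed by default
        [string] $Phrase         = 'This is the smoking gun',
        [int]    $PollSeconds    = 5,
        [int]    $TimeoutSeconds = 900
    )
    if ((Get-Service WSearch).Status -ne 'Running') {
        throw 'Windows Search (WSearch) is not running; enable it first.'
    }
    # A per-run token keeps hits from earlier runs out of the result
    $token = [guid]::NewGuid().ToString('N')
    $path  = Join-Path $Folder "sundayfunday-$token.txt"
    Set-Content -Path $path -Value "$Phrase $token" -Encoding UTF8

    # Step 3: wait until the indexer has picked the content up
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    while (-not ((Search-WindowsIndex -Term $token) -contains $path)) {
        if ($sw.Elapsed.TotalSeconds -gt $TimeoutSeconds) { throw "Never indexed: $path" }
        Start-Sleep -Seconds $PollSeconds
    }
    $indexedAfter = $sw.Elapsed

    # Step 4: hard delete (no Recycle Bin), then time how long the content stays queryable.
    # Repeat with an Explorer delete to Recycle Bin to compare trigger behaviour.
    Remove-Item -Path $path -Force
    $deletedAt = Get-Date
    $sw.Restart()
    $stillIndexed = $true
    while ($sw.Elapsed.TotalSeconds -le $TimeoutSeconds) {
        if (-not ((Search-WindowsIndex -Term $token) -contains $path)) {
            $stillIndexed = $false
            break
        }
        Start-Sleep -Seconds $PollSeconds
    }

    [pscustomobject]@{
        File               = $path
        Token              = $token
        IndexedAfter       = $indexedAfter
        DeletedAt          = $deletedAt
        GoneFromIndexAfter = if ($stillIndexed) { $null } else { $sw.Elapsed }
        StillIndexed       = $stillIndexed
    }
}

Test-IndexRemovalTiming
```

This queries the running service's view of the index, which is what answers the trigger and timing question; it says nothing about the bonus, because whether the deleted record is still carvable from the on-disk Windows.edb or Windows.db file has to be checked against the database file itself after the service reports the content gone.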