Investigating Windows Event Logs: TEMPEST (TryHackMe) Part 1
CTF Security
This video introduces the process of analysing endpoint and network logs from a compromised asset. Given the artefacts (Sysmon logs, Windows event logs, and packet captures), we aim to reconstruct the incident on the Tempest machine and determine how the attack took place.
Tempest Incident: In this incident, we act as an Incident Responder following an alert triaged by one of the Security Operations Center analysts. The analyst has confirmed that the alert has a CRITICAL severity that needs further investigation.
As reported by the SOC analyst, the intrusion started from a malicious document. In addition, the analyst compiled the essential information generated by the alert as listed below:
The malicious document has a .doc extension.
The user downloaded the malicious document via chrome.exe.
The malicious document then executed a chain of commands to attain code execution.
Let's get started.
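As an added illustration of the log analysis and event correlation step (not the room's data or the video's own code), the script below links a browser FileCreate event for a .doc to the process tree spawned by the application that opened it. The Sysmon-style events, paths, PIDs and command lines are constructed placeholders.

```python
from collections import defaultdict
import ntpath

# Constructed Sysmon-style events (hypothetical sample data, not from the room).
# id 11 = FileCreate, id 1 = ProcessCreate; field names shortened for brevity.
EVENTS = [
    {"id": 11, "pid": 100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\user\Downloads\invoice_sample.doc"},
    {"id": 1, "pid": 200, "ppid": 300, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\user\Downloads\invoice_sample.doc"'},
    {"id": 1, "pid": 201, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c <stage 1 placeholder>"},
    {"id": 1, "pid": 202, "ppid": 201, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe <stage 2 placeholder>"},
    {"id": 1, "pid": 400, "ppid": 300, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},  # unrelated sibling process; must not appear in the chain
]


def downloaded_docs(events, browser="chrome.exe", ext=".doc"):
    """Paths of documents written by the browser (Sysmon FileCreate, event ID 11)."""
    return [e["target"] for e in events if e["id"] == 11
            and ntpath.basename(e["image"]).lower() == browser
            and e["target"].lower().endswith(ext)]


def execution_chain(events, doc_path):
    """Process tree rooted at the process that opened doc_path, returned as
    (depth, image basename) tuples in depth-first order, following ParentProcessId."""
    procs = [e for e in events if e["id"] == 1]
    children = defaultdict(list)
    for e in procs:
        children[e["ppid"]].append(e)
    roots = [e for e in procs if doc_path.lower() in e["cmdline"].lower()]
    chain = []

    def walk(e, depth):
        chain.append((depth, ntpath.basename(e["image"]).lower()))
        for child in children[e["pid"]]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return chain


if __name__ == "__main__":
    for doc in downloaded_docs(EVENTS):
        print(f"Downloaded document: {doc}")
        for depth, image in execution_chain(EVENTS, doc):
            print("  " * depth + image)
```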
Timestamps
00:00 Introduction (Objectives)
02:45 Task 1 (Introduction to tasks)
04:15 Task 2 (Log analysis & Event Correlation)
07:12 Task 3 (Tools & artefacts)
13:28 Task 4 (Malicious document)
37:02 Conclusion
Video: https://www.youtube.com/watch?v=O5si_kPROh0