Detection & Forensics
Technical guidance on how to identify insider activity through logs, forensic artifacts, system telemetry, and detection engineering practices.
Search
James Weston
Detection & Forensics
Identifying Torrented Media via File Metadata and Naming Patterns
The presence of pirated or torrented media on organization-owned endpoints poses more than a compliance issue; it may signal broader behavioral drift, technical misuse, or active infringement. This article outlines how insider threat teams can detect potentially unlawfully obtained media through common naming patterns, file extensions, and forensic markers observed...
Joshua Beaman
Detection & Forensics
Snipping Tool Artifacts of Visual Data Exfiltration
In insider threat cases involving data loss, a common assumption is that exfiltration occurs through conventional means: email, cloud uploads, removable media. However, some subjects bypass technical controls altogether by capturing data visually. The native Windows utility Snipping Tool provides one such method: enabling users to screenshot sensitive content directly...