Catalog
Training programs
Keyword search, date-range pills, track tags, and a month-grid toggle keep the catalog readable for busy operations leads.
Endpoint Evidence Studio (Windows)
Build repeatable host triage workflows for Windows estates using structured timelines, volatile capture checklists, and artifact maps your IT team can reuse.
Cloud Trail Reconstruction Lab
Reassemble multi-account activity narratives using cloud audit signals, identity pivots, and service-map context without drowning in raw exports.
Mailbox Storylines for Analysts
Turn noisy message traces into defensible storylines using header discipline, routing context, and cautious interpretation guardrails.
Insider Case Tabletop Intensive
Walk a full insider-adjacent narrative from first signal to internal reconciliation sync, with emphasis on cross-functional comms and evidence boundaries.
Forensic Lab Foundations for IT
Stand up a pragmatic internal lab footprint: imaging stations, access tiers, and maintenance rhythms that security and IT can both support.
Mobile Device Triage for Help Desk Leaders
Give frontline IT leaders a careful first-pass playbook for modern handsets, emphasizing preservation, respectful user comms, and when to escalate.
Kubernetes Forensics Primer
Introduce container-era evidence concepts to platform teams: workload identity, ephemeral storage, and audit hooks that survive a busy release calendar.
Collaboration Forensics for Distributed Teams
Investigate chat and shared workspace tools with disciplined exports, retention awareness, and respectful narratives for remote teams.
Executive Briefing Studio for Technical Leads
Translate complex forensic findings into concise briefings for leadership, emphasizing decisions needed, confidence levels, and next steps.