Information security specialists use multiple tools to detect and track system events. In 2016, a new utility called Sigma appeared in their arsenal. Its numerous functions will save you time and make your life much easier.

When you investigate an incident, it’s critical to establish the exact time of the attack and method used to compromise the system. This enables you to track the entire chain of operations performed by the malefactor. Today, I will show how to do this using the Timesketch tool.

As you are likely aware, forensic analysis tools quickly become obsolete, while hackers continuously invent new techniques enabling them to cover tracks! As a result, valiant DFIR (Digital Forensics and Incident Response) fighters suffer fiascoes on a regular basis. So, I suggest to put aside the outdated (but no less sharp Scalpel) for now and look around for new tools.