Everyday Cyber
Alex Reid
11 episodes
1 week ago
Everyday Cyber is your weekly guide to mastering cybersecurity — from real-world threats to real career growth. Hosted by cybersecurity analyst Alex Reid, this podcast delivers clear, actionable insights for anyone looking to stay safe online and break into the cyber industry. Whether you're a beginner exploring the field, prepping for certifications like Security+, SC-200, or aiming to land your first SOC analyst role — Everyday Cyber has your back. Each episode covers: Breaking down phishing attacks, ransomware, and real-world threats Blue team strategies and
Technology
All content for Everyday Cyber is the property of Alex Reid and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Windows Forensics & Intrusion Detection: Detecting Threats with Logs, PowerShell & Sysmon | Ep. 5
Everyday Cyber
32 minutes 54 seconds
4 months ago

🔍 In this episode of the Everyday Cyber Podcast, host Alex Reid takes you deep into the world of Windows forensics and intrusion detection — revealing how defenders can track advanced attacks using native event logs, system artifacts, and modern blue team tools.

You’ll learn how to detect lateral movement, uncover PowerShell abuse, and investigate attacker activity using Prefetch, AppCompatCache, Amcache.hve, and Event ID correlation. We also cover how Sysmon dramatically improves visibility for detecting real-world threats.

🔐 Topics covered in this episode:

  • Prefetch, AppCompatCache, and Amcache forensic analysis

  • Tracking attacker movement with Event IDs 4648, 4688, and 7045

  • How to detect PsExec, WMI, and PowerShell Remoting

  • PowerShell logging: Script Block Logging, Downgrade Attacks, and Defense

  • Why Sysmon is a game-changer for endpoint intrusion detection

  • Real-world examples of "living off the land" attacks and how to catch them

  • Using event log artifacts to build a timeline of attacker behavior

Whether you're a SOC analyst, threat hunter, or just starting your cybersecurity career, this episode helps you level up your understanding of endpoint detection and response using only what’s built into the operating system.

Windows forensics, Intrusion detection, Cybersecurity podcast, SOC analyst tools, Threat detection, Event log analysis, PowerShell logging, Sysmon for security, Lateral movement detection, Amcache analysis, AppCompatCache, Prefetch forensic evidence, PsExec detection, WMI attack investigation, EDR strategies, Windows endpoint visibility, Security operations center, Detecting attacker behavior, Digital forensics podcast, Cybersecurity incident response

