triage

YARA is useful when you need lightweight pattern matching across files during incident response or malware triage. I keep rules specific and review false positives often. Overbroad rules create noise fast, which is the enemy during an active investiga

During incidents I want a repeatable evidence collection script that preserves volatile context before a system changes again. Time, network state, processes, and recent logs usually matter immediately. Good collection is quiet, timestamped, and resis