Beyond manual forensics: Booking.com's approach to orchestrating incident response

Duration: 1 hour

Browser history can play a critical role in incident response, from helping analysts reconstruct user activity and validating alerts, to uncovering malicious behavior. But retrieving raw artifacts from endpoints is often slow, manual, and inconsistent.

In this technical session, Ahmad Aziz, Security Engineer II at Booking.com, will share his winning entry from the 2024 “You Did WHAT?! With Tines” (YDWWT) competition: a fully automated workflow that pulls raw browser history artifacts from devices using CrowdStrike and prepares them for offline forensic analysis.

You’ll get a behind-the-scenes look at:

  • The limitations that led Ahmad to build this workflow
  • How the workflow uses CrowdStrike APIs to extract browser history artifacts
  • How Ahmad uses the output to help his investigation
  • Tips for adapting this workflow in your own environment

Tune in to discover how you can turn real-world security challenges into creative stories (and maybe even be inspired to submit your own story to the next round of YDWWT!).