In part 1 of this blog data was exfiltrated from a workstation to GitHub using Git. In part 2, we’ll dive into investigating the data on a Windows 10 workstation to determine whether any sensitive data was exfiltrated to GitHub using Git. The investigation focuses on analyzing traces left on the device, excluding network activity logs.

In this two-part blog post, we’ll explore how data exfiltration to GitHub can be carried out from a Windows 10 workstation and how to investigate such incidents. Part 1 focuses on how data can be exfiltrated using Git and GitHub. In Part 2, we’ll dive into forensic techniques to retrieve evidence of data exfiltration and determine what was sent from the workstation.