This week I talk about lateral movement fast triage. This is the next topic in the Windows fast triage miniseries and it aligns with the goal of the entire series, which is to help new or any analyst identify the most accessible artifacts that may be quickly analyzed to find evidence of compromise. So far we have dealt with persistence, suspicious network activity, and suspicious processes. As always, I will provide a simple yet effective approach to work with lateral movement artifacts.