Here is an article by William Tan describing the usage of OS X FSEvents to discover deleted malicious artifacts. Reading this text you will learn about the File System Events (FSEvents), parsing them with David Cowen’s script FSEventsParser and using the results to detect OS X Malware.
-
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was … -
Understanding Orphaned Files
Phill Moore has written a nice post in his new blog – ThinkDFIR. This post will help… -
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows…
Load More Related Articles
-
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was … -
Using Outlook Forms for Lateral Movement and Persistence
During a recent investigation, CrowdStrike Services team identified an adversary attack me… -
Forensic Case Files: Chip Off, Chip On, The Chipper!
Cindy Murthy has published a post about her recent case where she and her team transplante…
Load More In Tips & Tricks
