Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy files out of Volume Shadow Copies (VSCs) from live systems remotely.
-
Threat Hunting: What it Is, and What it Is Not
Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. … -
Looking at Microsoft Teams from a DFIR Perspective
David Cowen’s Sunday Funday is back, so why not to take part in this fun? Last Sunda… -
SQM: New Evidence of Execution Source?
Forensicating one of compromised hosts during our recent incident response activities we h…
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
Comments are closed.
