Mari DeGrazia has published a very useful post, which will help you to learn how to find and decode malicious PowerShell scripts. You will learn, which events to check, how to detect PowerShell and decode scripts. According to Mari, it’s only the first part, she will keep writing and teach us how to detect malicious PowerShell scripts in registry (part 2) and memory (part 3).
-
A Brief History of Attribution Mistakes
This presentation will examine the analytic mistakes the infosec community has made over t… -
Windows Store & Apps Analysis
Here are research, tools and scripts presented at Magnet User Summit 2019 by Yogesh Khatri… -
Digital Forensics and Incident Response in G Suite
This talk uses a real-life case scenario to prepare attendees for responding to security i…
Load More Related Articles
-
Digging Up the Past: Windows Registry Forensics Revisited
David Via from FireEye has written a very good article focused on the following known sour… -
Extracting Activity History from PowerShell Process Dumps
Lee Holmes has posted about how to extract activity history from PowerShell process dumps.… -
An introduction to file-system post-mortem forensic analysis
Computer Incident Response Center of Luxembourg has published materials used during their …
Load More In How To
