Mari DeGrazia has published a very useful post, which will help you to learn how to find and decode malicious PowerShell scripts. You will learn, which events to check, how to detect PowerShell and decode scripts. According to Mari, it’s only the first part, she will keep writing and teach us how to detect malicious PowerShell scripts in registry (part 2) and memory (part 3).
-
Autopsy 4.10.0 and the Sleuth kit 4.6.5 have been released
The new versions of the most popular open source DFIR tools, Autopsy and the Sleuth kit, h… -
volatility-wnf: Browse and dump Windows Notification Facilities
This Volatility plugin is based on work of Alex Ionescu and Gabrielle Viala. https://blog.… -
Learning Android Forensics, 2nd Edition has been released
The 2nd edition of Learning Android Forensics by Oleg Skulkin, Donnie Tindal and Rohit Tam…
Load More Related Articles
-
Digging Up the Past: Windows Registry Forensics Revisited
David Via from FireEye has written a very good article focused on the following known sour… -
Extracting Activity History from PowerShell Process Dumps
Lee Holmes has posted about how to extract activity history from PowerShell process dumps.… -
An introduction to file-system post-mortem forensic analysis
Computer Incident Response Center of Luxembourg has published materials used during their …
Load More In How To
