In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital evidence sources, as PowerShell logs, Sysmon and Cisco Advanced Malware Protection (AMP). He finishes the post with noting the importance of memory forensics for any blue team member.
-
50 Shades of Ransomware
Ransomware is still one of the most common types of malware deployed during cyberattacks. … -
Tools up: the best software and hardware tools for computer forensics
Igor Mikhailov is a digital forensic analyst of the digital forensic laboratory at Group-I… -
Following the RTM
Researchers became aware of the activities of the RTM group in December 2015. Since then, …
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
