In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital evidence sources, as PowerShell logs, Sysmon and Cisco Advanced Malware Protection (AMP). He finishes the post with noting the importance of memory forensics for any blue team member.
-
Recover Deleted Records in Windows.edb with WinSearchDBAnalyzer
WinSearchDBAnalyzer by Jeonghyeon Kim can parse normal records and recover deleted records… -
Visual Analysis with ProcDOT
In the new episode of “Introduction to Malware Analysis” series Richard Davis … -
Amcache Forensics: Populated or Not?
New Sunday – new Funday! This week’s Sunday Funday presented the following cha…
Load More Related Articles
-
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use “Create Remote Thread” e… -
Robust Use of PsExec That Doesn’t Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin passwo… -
Beyond good ol’ LaunchAgent – part 0
Pasquale Stirparo has started a post series about macOS persistense mechanisms titled R…
Load More In Tips & Tricks
