In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital evidence sources, as PowerShell logs, Sysmon and Cisco Advanced Malware Protection (AMP). He finishes the post with noting the importance of memory forensics for any blue team member.
-
Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Micr… -
Breaking Full Disk Encryption
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential t… -
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm fea…
Load More Related Articles
-
How to Put a Qualcomm Phone into EDL Mode
In this post Magnet Forensics talks about Emergency Download (EDL). This is a Qualcomm fea… -
Using SQL Server 2016 Temporal Tables for Data Forensics and Auditing
Temporal Tables are a new feature of SQL Server 2016. Join Pragmatic Works to learn what t… -
The Newest Version of SANS Windows Forensic Analysis Poster is Online
SANS DFIR posted the newest version of Windows Forensic Analysis poster. Updated Windows T…
Load More In Tips & Tricks
