In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital evidence sources, as PowerShell logs, Sysmon and Cisco Advanced Malware Protection (AMP). He finishes the post with noting the importance of memory forensics for any blue team member.
-
Diffy: A Triage Tool for Cloud-Centric Incident Response
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix’… -
Office365 Log Analysis Framework
After yesterday’s webcast Matt Bromiley released his Office365 Log Analysis Framewor… -
Detecting Malicious PowerShell Commands using Deep Neural Networks
Microsoft’s PowerShell is a command-line shell and scripting language that is instal…
Load More Related Articles
-
Smartphone Acquisition: Adapt, Adjust and Get Smarter!
Heather Mahalik has posted about a list of recommendations on iOS and Android-based smartp… -
Beginner Malware Reversing Challenges
The purpose of these challenges is to familiarize beginners with common malware techniques… -
Detecting script-based attacks on Linux
In this post John Booth describes how to detect encoded or obfuscated command-lines used b…
Load More In Tips & Tricks
