
Persistence Mechanisms


As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this episode looks at persistence mechanisms often utilized by malware. First, you’ll look at the ubiquitous “Run” and “RunOnce” keys, as well as a great article that summarizes many of the other Autostart Extensibility Points (ASEPs) you’re likely to encounter. Then, you’ll look at Autoruns from Sysinternals. This utility automatically parses and aggregates these ASEPs and shows you the dozens of places in which Windows can be told to automatically start a program. Lastly, you’ll look at new research that identifies another feature of Windows that can be exploited to achieve persistence, but that will NOT show up in Autoruns or in other tools that attempt to display this information.
