As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this episode looks at persistence mechanisms often utilized by malware. First, you’ll look at the ubiquitous “Run” and “RunOnce” keys, as well as a great article that summarizes many of the other Autostart Extensibility Points (ASEPs) you’re likely to encounter. Then, you’ll look at Autoruns from Sysinternals. This utility will automatically parse and aggregate these ASEPs and show us the dozens of places in which we can tell Windows to automatically start a program. Lastly, you’ll look at new research that identifies another feature of Windows that can be exploited to achieve persistence, but that will NOT show up in Autoruns or in other tools that attempt to display this information.
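For a quick triage view of the “Run” and “RunOnce” keys mentioned above, the following PowerShell is an added example and is not taken from the video or the original page. The function name `Get-RunKeyEntry` and the list of user-writable path fragments used to set the `Review` column are assumptions made for illustration.

```powershell
# Added example: list Run / RunOnce autostart values for the machine and the current user.
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: commands that start from these user-writable locations deserve a closer look.
$reviewPattern = '\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\'

function Get-RunKeyEntry {   # hypothetical helper name
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($subKey in $subKeys) {
            $path = "$hive\$subKey"
            # Not every key exists on every system (RunOnce is often absent).
            if (-not (Test-Path -LiteralPath $path)) { continue }

            $key = Get-Item -LiteralPath $path
            foreach ($name in $key.GetValueNames()) {
                # Read the value as stored, so %VAR% references stay visible in the output.
                $raw = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                # Expand a copy only for matching against the review pattern.
                $expanded = [Environment]::ExpandEnvironmentVariables($raw)

                $label = $name
                if ($label -eq '') { $label = '(Default)' }

                [pscustomobject]@{
                    Key       = $path
                    ValueName = $label
                    Command   = $raw
                    Review    = ($expanded -match $reviewPattern)
                }
            }
        }
    }
}

Get-RunKeyEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

`HKCU:` only reflects the account running the script, and this covers just two of the many ASEPs that Autoruns aggregates, so an empty `Review` column does not mean a system has no persistence.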