7MS #299: Windows System Forensics 101

10:54 · 2018-02-28

Episode description

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil things down to just an hour. For the first part of the presentation, I focused on Mark Russinovich's technique of using Sysinternals as the primary surgical tool. This approach includes things like:

  • Use Process Explorer to find processes with no signature and/or description.
  • Put any suspicious processes to sleep before killing them (it's more humane! :-) ).
  • Use Autoruns to find registry entries, scheduled tasks, etc. that might be hooked to malicious executables that run on startup.
  • Rinse and repeat.

In part 2 (coming up soon!), I'll continue the forensics fight and talk about tools like Redline, Volatility and FTK Imager! Stay tuned.
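The "no signature and/or no description" heuristic that Process Explorer and Autoruns make visible can also be scripted for a quick first pass. The PowerShell below is an added example for this page, not code from the episode or from Sysinternals; the Test-ImageTrust function name and the choice of Run keys are my own, and it assumes Windows PowerShell 5.1 or later running in an elevated session.

```powershell
# Added example: flag running executables that are unsigned or carry no file
# description (Process Explorer's "Verified Signer" / "Description" columns),
# then apply the same check to the classic Run-key autoruns (a subset of what
# Autoruns covers). Elevation is needed to read paths of other users' processes.

function Test-ImageTrust {
    param([Parameter(Mandatory)][string]$Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    [pscustomobject]@{
        Path        = $Path
        Signed      = ($sig.Status -eq 'Valid')
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Description = $info.FileDescription
        # Heuristic only: legitimate software is sometimes unsigned or undescribed,
        # and malware can be signed. Treat hits as "look here first", not verdicts.
        Suspicious  = ($sig.Status -ne 'Valid') -or [string]::IsNullOrWhiteSpace($info.FileDescription)
    }
}

# 1. Running processes. Path is $null for protected/system processes, so skip those.
$procs = Get-Process | Where-Object { $_.Path } |
         Select-Object -ExpandProperty Path -Unique |
         ForEach-Object { Test-ImageTrust -Path $_ }

# 2. Autoruns-style sweep of the Run/RunOnce keys for machine and current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -notmatch '^PS' })) {
        # Values look like '"C:\path\app.exe" /arg' or 'C:\path\app.exe /arg';
        # keep only the executable path and expand %VARS% before checking it.
        $raw = $props.$name -replace '^"([^"]+)".*$', '$1' -replace '^(\S+\.exe).*$', '$1'
        $exe = [Environment]::ExpandEnvironmentVariables($raw)
        if (Test-Path -LiteralPath $exe) {
            Test-ImageTrust -Path $exe | Add-Member -NotePropertyName Source -NotePropertyValue "$key\$name" -PassThru
        }
    }
}

# Report the items a Process Explorer / Autoruns triage would have you inspect first.
($procs + $autoruns) | Where-Object Suspicious | Sort-Object Path |
    Format-Table Path, Signed, Signer, Description, Source -AutoSize
```

Entries with an empty Source column are running processes; the others are autorun values, which is where to look when a suspicious process keeps coming back after you kill it.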
