DFSP # 428 - It's all about that XML

When you're triaging a Windows system for evidence of compromise, it's ideal if your plan is focused on some quick wins up front. Certain artifacts offer this opportunity, and Windows events for new scheduled tasks are one of them. They are sometimes overlooked, at least in part because the good stuff is contained within the XML portion of the log. This week I'm covering the artifact from a DFIR point of view: I'll go over all the elements of the log entry that are of interest for investigations, and I'll provide a triage methodology that you can employ to find evidence quickly.
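
The XML portion the episode refers to is the task definition that Windows nests, escaped, inside the event record. The script below is an added example, not code from the podcast or its host: it parses a constructed Security event 4698 ("A scheduled task was created") exported as XML, pulls the task definition back out of the `TaskContent` data element, and flattens the fields an analyst wants first (who created it, what it runs, as whom, on what trigger). The sample event, the paths and names in it, and the triage heuristics at the top are assumptions made up for the example; the event and task XML namespaces and the `Data Name="..."` layout are those of a standard evtx-to-XML export.

```python
"""Added example (not from the podcast): flatten a Windows Security 4698 record,
including the task XML nested in TaskContent, into triage-ready fields."""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

EVENT_NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"
TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"

# Constructed sample task definition, the shape that lands in TaskContent.
# User, SID, path and task name are invented for this example.
SAMPLE_TASK_XML = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>CORP\\alice</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><UserId>S-1-5-18</UserId><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe</Command>
      <Arguments>/quiet</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed sample event record; the task XML is escaped into TaskContent
# exactly as an evtx-to-XML export would do it.
SAMPLE_EVENT_XML = f"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4698</EventID>
    <TimeCreated SystemTime="2024-05-01T10:15:30.000000Z"/>
    <Computer>WS01.corp.example</Computer>
  </System>
  <EventData>
    <Data Name="SubjectUserName">alice</Data>
    <Data Name="SubjectDomainName">CORP</Data>
    <Data Name="TaskName">\\Microsoft\\Windows\\Updater</Data>
    <Data Name="TaskContent">{escape(SAMPLE_TASK_XML)}</Data>
  </EventData>
</Event>"""

# Illustrative triage heuristics; assumptions for this example, not a standard.
USER_WRITABLE_PATHS = (r"\appdata\local\temp", r"\users\public", r"\windows\temp")
SCRIPT_HOSTS = ("powershell", "cmd.exe", "wscript", "cscript", "mshta", "rundll32", "regsvr32")
LOCAL_SYSTEM_SID = "S-1-5-18"  # well-known SID for Local System


def parse_task_event(event_xml: str) -> dict:
    """Flatten one 4698 record into the fields an analyst looks at first."""
    root = ET.fromstring(event_xml)
    system = root.find(EVENT_NS + "System")
    data = {d.get("Name"): (d.text or "") for d in root.iter(EVENT_NS + "Data")}

    # TaskContent is the task's own XML document. Its UTF-16 declaration makes
    # ElementTree refuse a str input, so strip the declaration and parse the rest.
    task_xml = re.sub(r"^\s*<\?xml[^>]*\?>", "", data.get("TaskContent", "")).strip()
    task = ET.fromstring(task_xml)

    triggers_el = task.find(TASK_NS + "Triggers")
    actions = [
        {"command": ex.findtext(TASK_NS + "Command", ""),
         "arguments": ex.findtext(TASK_NS + "Arguments", "")}
        for ex in task.iter(TASK_NS + "Exec")
    ]
    return {
        "event_id": system.findtext(EVENT_NS + "EventID", ""),
        "time": system.find(EVENT_NS + "TimeCreated").get("SystemTime", ""),
        "computer": system.findtext(EVENT_NS + "Computer", ""),
        "created_by": f"{data.get('SubjectDomainName', '')}\\{data.get('SubjectUserName', '')}",
        "task_name": data.get("TaskName", ""),
        "author": task.findtext(f"{TASK_NS}RegistrationInfo/{TASK_NS}Author", ""),
        "run_as": task.findtext(f"{TASK_NS}Principals/{TASK_NS}Principal/{TASK_NS}UserId", ""),
        "run_level": task.findtext(f"{TASK_NS}Principals/{TASK_NS}Principal/{TASK_NS}RunLevel", ""),
        "triggers": [t.tag.replace(TASK_NS, "") for t in triggers_el] if triggers_el is not None else [],
        "actions": actions,
    }


def triage_flags(record: dict) -> list:
    """Return human-readable reasons a parsed 4698 record deserves a closer look."""
    flags = []
    if record["run_as"] == LOCAL_SYSTEM_SID:
        flags.append("task runs as SYSTEM")
    for action in record["actions"]:
        cmd = action["command"].lower()
        if any(p in cmd for p in USER_WRITABLE_PATHS):
            flags.append(f"action runs from a user-writable path: {action['command']}")
        if any(h in cmd for h in SCRIPT_HOSTS):
            flags.append(f"action invokes a script host: {action['command']} {action['arguments']}")
    return flags


if __name__ == "__main__":
    rec = parse_task_event(SAMPLE_EVENT_XML)
    for key, value in rec.items():
        print(f"{key:>10}: {value}")
    for flag in triage_flags(rec):
        print("FLAG:", flag)
```

Run over a directory of exported records, the same two functions give a one-line-per-task listing that can be sorted by creation time and filtered on the flags, which is the quick-win pass the blurb describes. The heuristics are deliberately simple; extend `USER_WRITABLE_PATHS` and `SCRIPT_HOSTS` to match your environment's baseline.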

This episode is taken from an open RSS feed and is not published by Podme. It may therefore contain advertisements.