DFSP # 428 - It's all about that XML


When you're triaging a Windows system for evidence of compromise, it's ideal if your plan focuses on some quick wins upfront. Certain artifacts offer this opportunity, and the Windows Events for New Scheduled Tasks are one of them. They are sometimes overlooked, at least in part because the most useful information is contained within the XML portion of the log entry. This week I'm covering the artifact from a DFIR point of view: I'll go over all the elements of the log entry that are of interest for investigations, and I'll provide a triage methodology that you can employ to find evidence quickly.

This episode is taken from an open RSS feed and is not published by Podme. It may contain advertising.
