![]() “Autoruns” is a term used to refer to the collection of locations Windows looks for processes to start during boot time. To Memory Analysis: Malicious IP Addresses, Malicious Filenames.From Memory Analysis: Malicious Filenames or paths.To Disk Analysis: Malicious filenames or paths, possibly IP addresses.From Disk Analysis: Malicious filenames or paths. ![]() A great piece of software to take Screen Shots is Greenshot.A great note keeping App that teams can use to coordinate is OneNote.The reader should quickly understand what they’re looking at with the photo alone. Examples: Highlights, Boxes, Arrows Text.Notes should be accompanied by screenshots that tell a story.Understand your own thinking later… or after sleep.This is for team mates to understand your thinking.Keep solid notes on your thinking around evidence and data that you find.Autorunsc (The C at the end means its the Console Version).Have functional knowledge of the Autorunsc tool and know when to deploy it.Understand the importance of examining the ASEP’s on hosts.Be able to describe Auto start Extensibility Points (ASEP).The money goes to supporting our starving website dev and costs of hosting. Supporting the Websiteįeel free to check out our shop if you want to support the website. This post assumes you have a DFIR Analyst Station ready to analyze the AutoRuns and Disk Images of the Domain Controller from The Case of the Stolen Szechuan Sauce. Make sure you understand the basic rundown of forensic artifacts. Have you built your DFIR Fort Kickass, yet? How to build a DFIR Analyst Workstation found here. Reading Time: 20 minutes Case 001 AutoRuns Analysis
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |