This week’s focus is on other scheduled task events useful for DFIR triage.
This week I talk about a popular Windows utility attackers often exploit.
This week I break down the SUDOERS file for forensic triage.
This week’s focus is on new scheduled tasks, which are a common way of establishing longevity on a system. I will have my breakdown of the artifact and how to interpret it for fast analysis coming up….