This week I talk about how to find evidence of malicious autoruns in the Windows registry.
This week I talk about the forensic value of the Apple Spotlight DB.
When you talk about autoruns, you must talk about the Windows registry. This artifact is very dense, and it may be difficult to zero in on the elements that are important for compromise assessment. Given that, I am going to begin the series with a breakdown of the Windows registry from a DFIR point of view. This is crucial in understanding ...