This week, we’re focusing on the Windows Prefetch artifact—a cornerstone in Windows forensics, especially for user endpoint investigations. In this episode, I’ll break down the Prefetch artifact from an investigative perspective, covering how to effectively leverage its evidence in forensic analysis. I’ll also highlight any recent changes to the artifact that may impact its value, ensuring you’re aware of everything you need to know for your investigations.
This week, we’re exploring malware triage techniques. Unlike full binary analysis, malware triage is often seen as an essential skill that every digital forensic and incident response professional should master. In this episode, I’ll walk you through the core elements of malware triage, helping you understand the various skills needed to meet industry expectations. By the end, any analyst should feel confident in examining a binary and applying these techniques to uncover potential malicious content.
This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was the target of an attack. While PSEXEC has somewhat fallen out of favor due to increased use of PowerShell for similar activities, it remains a commonly abused utility among attackers. In this episode, we’ll break down the key artifacts and methodologies for effective triage.
Understanding how to search for executables is a critical skill in computer forensics. There are major differences in how executables are handled between Windows and Linux systems, so techniques that work on Windows won’t always translate effectively to Linux. In this episode, I’ll break down some triage techniques to help you quickly identify suspicious executables on Linux systems.
Welcome to today’s episode! We’re diving into network triage, focusing specifically on listening ports. While we often look for active connections, identifying suspicious services listening on a port can be equally crucial in your investigation. It’s essential to gather this information for both current, real-time data and historical analysis, providing a more complete view of network activity.