Info

Digital Forensic Survival Podcast

Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
RSS Feed
Digital Forensic Survival Podcast
2024
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February


All Episodes
Archives
Now displaying: Page 1
Apr 30, 2024

When you're triaging a Windows system for evidence of compromise, it's ideal if your plan is focused on some quick wins upfront. There are certain artifacts that offer this opportunity, and Windows Events for New Scheduled Tasks are one of them. Sometimes overlooked, at least in part, because the good stuff contained within the XML portion of the log. This week I'm covering the artifact from a DFIR point of view, I'll go over all the elements of the log entry that are of interest for investigations, and I'll provide a triage methodology that you can employ to find evidence quickly.

0 Comments
Adding comments is not available at this time.