-
Goal: Determine whether a specific executable was executed on a system.
-
Registry
Windows Event Logging
File system analysis: see the NTFS article about logging.
-
Dissect is a forensic tool for file system images,
-
Use cases
Tools: standard Unix tools like awk can also be used on a flow file piped through cat; dedicated tools include nfdump, SiLK and argus.
-
Case: Ransomware
-
Checklist: Good stuff:
-
If the system is powered off:
If the system is active:
If the system is a VM:
Other systems:
Questions: