Note
Things that need to be noted during triage
3 Important Things
Is there a malware that is actively in the system?
Is there any suspicious internal or external communication?
Is there any persistence?
Tools That Can Be Used
Process Hacker
Autoruns
FullEventLogView
LastActivityView
BrowsingHistoryView
Procedures That Must be Conducted for Memory Analysis
Process Tree
Web Connections
Signature Status
User
net user
lusrmgr.msc
Temp directory
%SystemRoot%\Temp
%UserProfile%\AppData\Local\Temp
C:\Users\<user_name>\AppData\Roaming\Temp
%ProgramData%\Temp
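The checks above (process tree, connections, signature status, users, temp directories) can be captured in one live-triage pass. The script below is an added example, not part of the original note; it assumes an elevated PowerShell 5.1 or later session on a Windows 8/Server 2012 or newer host (for Get-NetTCPConnection and Get-LocalUser), and the seven-day window and file extensions are arbitrary choices for illustration.

```powershell
# Added example: live-triage snapshot of the checklist items above.
# Run from an elevated PowerShell prompt; all cmdlets are built into Windows.

# 1. Process tree: parent/child pairs with image path, to spot odd parents
$procs = Get-CimInstance Win32_Process
$procs | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath |
    Sort-Object ParentProcessId | Format-Table -AutoSize

# 2. Signature status: list only process images that are NOT validly signed
$procs | Where-Object ExecutablePath | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
    [PSCustomObject]@{
        PID    = $_.ProcessId
        Name   = $_.Name
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
        Path   = $_.ExecutablePath
    }
} | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize

# 3. Web / network connections mapped to the owning process
Get-NetTCPConnection -State Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
    Format-Table -AutoSize

# 4. User accounts: classic "net user" output plus enabled state and last logon
net user
Get-LocalUser | Select-Object Name, Enabled, LastLogon | Format-Table -AutoSize

# 5. Temp directories from the list above: recently modified executable content
#    (env vars map to the same paths: $env:APPDATA = C:\Users\<user>\AppData\Roaming)
$tempDirs = @(
    "$env:SystemRoot\Temp",
    "$env:USERPROFILE\AppData\Local\Temp",
    "$env:APPDATA\Temp",
    "$env:ProgramData\Temp"
)
$cutoff = (Get-Date).AddDays(-7)   # arbitrary window; widen as the timeline requires
Get-ChildItem -Path $tempDirs -Recurse -File -Include *.exe,*.dll,*.ps1,*.bat,*.vbs,*.js `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    Select-Object FullName, Length, LastWriteTime |
    Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
```

Redirect each section to a file on external media rather than the suspect disk when preserving evidence, and treat an unsigned image running from a temp directory with an established external connection as the combination of the three questions at the top of this note.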
Windows memory
Image Identification
Processes and Threads
Network Connections
Registry Analysis
File Analysis
Malware Analysis
Service Analysis
Linux Forensics
Image Identification
Processes and Threads
Network Connections
Linux Bash History / User Activities
File Analysis
Malware Analysis