search
GithubLinkedin

memo-circle-infoNote

Something need to be noted

hashtag
3 Important Things

  • Is there a malware that is actively in the system?

  • Is there any suspicious internal or external communication?

  • Is there any persistence?

Tools That Can Be Used

  • Process Hacker

  • Autoruns

  • FullEventLogView

  • LastActivityView

  • BrowsingHistoryView

Procedures That Must be Conducted for Memory Analysis

  • Process Tree

  • Web Connections

  • Signature Status

hashtag
User

  • Net user

  • Lusrmgr.msc

hashtag
Temp directory

  • %SystemRoot%\Temp

  • %UserProfile%\AppData\Local\Temp

  • C:\Users<user_name>\AppData\Roaming\Temp

  • %ProgramData%\Temp

hashtag
Windows memory

1

Image Identification

2

Processes and Threads

3

Network Connections

4

Registry Analysis

5

File Analysis

6

Malware Analysis

7

Service Analysis

hashtag
Linux Forensic

1

Image Identification

2

Processes and Threads

3

Network Connections

4

Linux Bash History / User Activities

5

File Analysis

6

Malware Analysis

circle-check

This knowledge has been compiled from resources provided by LetsDefendarrow-up-right.

PreviousWindows Disk

Last updated