Note

Things that need to be noted

3 Important Things

  • Is there a malware that is actively in the system?

  • Is there any suspicious internal or external communication?

  • Is there any persistence?

Tools That Can Be Used

  • Process Hacker

  • Autoruns

  • FullEventLogView

  • LastActivityView

  • BrowsingHistoryView

Procedures That Must Be Conducted for Memory Analysis

  • Process Tree

  • Web Connections

  • Signature Status

User

  • Net user

  • Lusrmgr.msc

Temp directory

  • %SystemRoot%\Temp

  • %UserProfile%\AppData\Local\Temp

  • C:\Users\<user_name>\AppData\Roaming\Temp

  • %ProgramData%\Temp
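The three questions above (active malware, suspicious communication, persistence) and the checks listed under Procedures, User and Temp directory can be collected in one pass from PowerShell before opening Process Hacker or Autoruns. The script below is an added example, not code from the original page; it assumes an elevated PowerShell 5.1 or later session, that the output folder name and the seven-day look-back window are placeholders to adjust, and that Get-NetTCPConnection and Get-ScheduledTask are available (Windows 8 / Server 2012 and later).

```powershell
# Added example: live triage snapshot covering process tree, signature status,
# network connections, local users, temp directories and common persistence points.
$OutDir = Join-Path $env:USERPROFILE 'triage'   # assumed output folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Process tree: parent, command line and Authenticode signature of the image
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
$tree = foreach ($p in $procs) {
    $parent = $byPid[[int]$p.ParentProcessId]
    $sig = 'n/a'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $sig = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    }
    [pscustomobject]@{
        Pid         = $p.ProcessId
        Name        = $p.Name
        ParentPid   = $p.ParentProcessId
        ParentName  = if ($parent) { $parent.Name } else { '<gone>' }  # parent already exited
        Path        = $p.ExecutablePath
        Signature   = $sig
        CommandLine = $p.CommandLine
    }
}
$tree | Sort-Object ParentPid, Pid | Export-Csv (Join-Path $OutDir 'processes.csv') -NoTypeInformation
# Unsigned images and orphaned processes are the first rows to review by hand
$tree | Where-Object { $_.Signature -ne 'Valid' -or $_.ParentName -eq '<gone>' } |
    Format-Table Pid, Name, ParentName, Signature, Path -AutoSize

# 2. Network connections joined to the owning process
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue | ForEach-Object {
    $owner = $byPid[[int]$_.OwningProcess]
    [pscustomobject]@{
        Local   = "$($_.LocalAddress):$($_.LocalPort)"
        Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        State   = $_.State
        Pid     = $_.OwningProcess
        Process = if ($owner) { $owner.Name } else { '?' }
        Path    = if ($owner) { $owner.ExecutablePath } else { '' }
    }
}
$conns | Export-Csv (Join-Path $OutDir 'connections.csv') -NoTypeInformation
# Established sessions to non-private addresses are the ones to check against threat intel
$private = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|::1|0\.0\.0\.0)'
$conns | Where-Object { $_.State -eq 'Established' -and $_.Remote -notmatch $private } |
    Format-Table -AutoSize

# 3. Local accounts (same data as `net user` / lusrmgr.msc)
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet |
    Export-Csv (Join-Path $OutDir 'users.csv') -NoTypeInformation

# 4. Recently written executable content in the temp directories listed on the page
$tempDirs = @(
    "$env:SystemRoot\Temp",
    "$env:USERPROFILE\AppData\Local\Temp",
    "$env:USERPROFILE\AppData\Roaming\Temp",
    "$env:ProgramData\Temp"
)
$since = (Get-Date).AddDays(-7)   # assumed look-back window
$tempDirs | Where-Object { Test-Path -LiteralPath $_ } | ForEach-Object {
    Get-ChildItem -LiteralPath $_ -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -and $_.Extension -match '^\.(exe|dll|ps1|bat|cmd|vbs|js|scr)$' } |
        Select-Object FullName, Length, LastWriteTime
} | Export-Csv (Join-Path $OutDir 'temp-executables.csv') -NoTypeInformation

# 5. Common persistence points (Autoruns covers far more; these are the usual first look)
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object { Get-ItemProperty -Path $_ } |
    Out-File (Join-Path $OutDir 'run-keys.txt')
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } |
    Select-Object TaskName, TaskPath, Author, State,
        @{ n = 'Execute'; e = { ($_.Actions | ForEach-Object { $_.Execute }) -join ';' } } |
    Export-Csv (Join-Path $OutDir 'tasks.csv') -NoTypeInformation
```

Each section writes a CSV to the output folder so the snapshot can be diffed against a known-good host or a later run; the console output is only the short list of rows worth looking at first (unsigned or orphaned processes, established external connections).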

Windows memory

  1. Image Identification

  2. Processes and Threads

  3. Network Connections

  4. Registry Analysis

  5. File Analysis

  6. Malware Analysis

  7. Service Analysis

Linux Forensics

  1. Image Identification

  2. Processes and Threads

  3. Network Connections

  4. Linux Bash History / User Activities

  5. File Analysis

  6. Malware Analysis
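The two numbered lists above (Windows memory and Linux Forensics) are the order in which a memory image is normally worked through. The script below is an added example, not from the original page, of running those steps against an image with Volatility 3 and saving one report file per step. It assumes Volatility 3 is installed with `vol` on PATH, that symbol tables for the target kernel are available, and that the image path and output folder are placeholders; the plugin names are the Volatility 3 plugins that correspond to each step, and the two maps can be extended if more steps are needed.

```powershell
# Added example: run the page's memory-analysis steps in order with Volatility 3.
# Usage: .\Invoke-MemorySteps.ps1 -Image C:\cases\mem.raw -Platform windows
param(
    [Parameter(Mandatory)] [string] $Image,                       # memory image (placeholder)
    [ValidateSet('windows', 'linux')] [string] $Platform = 'windows',
    [string] $OutDir = '.\memory-report'                          # assumed output folder
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Step name -> Volatility 3 plugin, following the numbered lists on the page
$steps = if ($Platform -eq 'windows') {
    [ordered]@{
        '1-image-identification' = 'windows.info'
        '2-processes-and-threads'= 'windows.pstree'
        '3-network-connections'  = 'windows.netscan'
        '4-registry'             = 'windows.registry.hivelist'
        '5-files'                = 'windows.filescan'
        '6-malware'              = 'windows.malfind'
        '7-services'             = 'windows.svcscan'
    }
} else {
    [ordered]@{
        '1-image-identification' = 'banners'          # finds the kernel banner to pick symbols
        '2-processes-and-threads'= 'linux.pstree'
        '3-network-connections'  = 'linux.sockstat'
        '4-bash-history'         = 'linux.bash'
        '5-files'                = 'linux.lsof'
        '6-malware'              = 'linux.malfind'
    }
}

foreach ($step in $steps.GetEnumerator()) {
    $out = Join-Path $OutDir "$($step.Key).txt"
    Write-Host "[*] $($step.Key): $($step.Value) -> $out"
    # stderr is merged so plugin errors land in the same report file
    & vol -f $Image $step.Value 2>&1 | Out-File -FilePath $out -Encoding utf8
    if ($LASTEXITCODE -ne 0) { Write-Warning "plugin $($step.Value) failed; see $out" }
}
```

Running the image identification step first matters because the later plugins need the right symbol table; if step 1 fails, the remaining reports will be empty or wrong rather than useful.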
