Endpoint Forensics
Endpoint forensics challenges focusing on investigating compromised Windows and Linux systems through artifact analysis, memory forensics, and evidence collection.
What You'll Learn
- Windows artifact analysis (Registry, Event Logs, Prefetch, MFT)
- Linux forensics and log analysis
- Memory forensics and process analysis
- Browser history and user activity investigation
- Timeline analysis and evidence correlation
Prerequisites
- Understanding of Windows and Linux operating systems
- Familiarity with file systems (NTFS, ext4)
- Basic knowledge of forensic tools (Autopsy, FTK Imager, Volatility)
- Command line proficiency in Windows and Linux
All Content
Spooler APT28
The SOC team was notified by the IT department regarding a potentially compromised workstation recently reassigned to a new government employee named Keela.
The Crime
We're currently in the midst of a murder investigation, and we've obtained the victim's phone as a key piece of evidence.
Volatility Traces
On May 2, 2024, a multinational corporation identified suspicious PowerShell processes on critical systems, indicating a potential malware infiltration.
YARA Trap
Wowza Enterprise recently deployed a secure malware analysis portal on an isolated workstation, accessible only to internal threat analysts.