![]() Why is it important? Because on a hacked or malware infected machines, it is not uncommon for the attacker/malware to install rootkits or replace some common commands/binaries of the system/server in order to hide or cover their tracks. Next, what info or data should we gather? What tools to use? In IT Forensic, we normally talk about using trusted binaries. ![]() malware that runs in memory only if we were to shut down the system immediately How about what can we do to perform live forensic on Windows systems sounds to you?īefore we touch that, why do we need to do live forensic at the first place? For a few reasons:Ī) It is a production server and the Business Owner or System Admin would not let you shut down the system/server for offline forensicī) The server/system is at a location that you could not go there physicallyĬ) We afraid that we may lost crucial information e.g. Hence, today, let's get more real and technical. Those are just theories as one might say. ![]() In the last posts, I talked about the processes of IT Forensic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |