0 0 APP

Digging Up the Past: Windows Registry Forensics Revisited

发布于 2019/01/09 FireEye Blog
Introduction FireEye consultants frequently utilize Windows registry data when performing forensic analysis of computer networks as part of incident response and compromise assessment missions. This can be useful to discover malicious activity and to determine what data may have been stolen from a network. Many different types of data are present in the registry that can provide evidence of program execution, application settings, malware persistence, and other valuable artifacts. Performing forensic analysis of past attacks can be particularly challenging. Advanced persistent ... 登录后阅读全文