Tags → #ransomware
-
Prefetch Files: Identifying Files Targeted by Data Extraction, Staging and Exfiltration
Prefetch files provide significant value to a forensic investigation and may assist in identifying files targeted as part of data extraction, staging and exfiltration.
-
File Carving: Encrypted Virtual Hard Disks
A significant development in ransomware attacks in recent years is the encryption of virtual hard disks. Is there a way to obtain at least some data out of these encrypted disks?
-
Puzzle Pieces: RDP Bitmap Cache
Learn how the RDP Bitmap Cache provides valuable snippets that fill gaps in forensic investigations, revealing threat actors' activities during RDP sessions.