Identifying Malicious Code Infections Out of Network

by Ken Dunham
Sept. 1, 2017 SANS Institute forensics

Forensics is a complex subject, where details matter greatly. Even more complicated are investigations where forensic methods are used to further understand, identify, capture, and mature an understanding of a malicious attack that may have taken place on a computer. This is increasingly common in the commercial sector, where images of an infected drive are made during incident handling, then analyzed post-incident to fully understand an attack.

https://www.sans.org/reading-room/whitepapers/forensics/identifying-malicious-code-infections-net...