A typical organization sees anywhere from scores to thousands of alerts daily. Many of those alerts indicate a variety of problems with hosts. An all-too-common approach is to reimage affected systems. Unsurprisingly, this is the equivalent of playing whack-a-mole. At the other end of the spectrum, the host undergoes a forensic examination taking days of effort. Fortunately, there is a middle ground. In this talk we'll focus on techniques to conduct quick yet effective examinations of Windows hosts. In many cases we can use these methods to confirm or disprove a breach and determine root cause in minutes, not days.
Yes, I know I have the wrong title in the video.
Copyright 2020, IronGeek