I wrote up a post on the SANS Digital Forensics blog titled Digital Forensics: Persistence Registry keys where I gave a couple of links to text files containing Registry keys for Windows XP SP3 system that I'd run Autoruns on to gather a list of Registry keys that could (possibly) be used as persistence vector's for malware.
I have collected similar lists for Windows Vista and Windows 7. The files are available at trustedsignal.com/IR.
Friday, October 22, 2010
Subscribe to:
Posts (Atom)
-
If you're fortunate enough to be running a modern endpoint detection and response (EDR) product or even endpoint protection (EPP), you m...
-
I've been playing around with the matasano crypto challenges for my own edification. Let me say up front, I'm a noob when it comes t...
-
Kansa is an incident response framework written in PowerShell, useful for data collection and analysis. Most of the analysis capabilities ...