Posts Tagged ‘windows 10 forensics’

This material will be presented in 2 parts. The first part will explain some interception techniques, the second part will explain how to detect them. There are no files in kernel mode, the author will be considered both for user mode and kernel mode in the x86 system in this article.

Kirtar Oz is involved in the analysis of PowerShell attacks among customers. He came up with several indicators that will help detect potential PowerShell attacks in the environment. These indicators are based on analysis and research.

Steganography is a science that studies the ways of hidden transmission of information by hiding the very fact of transmission. Science is absolutely not new in its idea, but with the invention of digital ways of implementing algorithms used in it, its development has reached an essentially new level. Three different samples of malicious programs in network attacks containing tools for intellectual analysis of crypto-currency, hidden in forged image files were identified in 2017.

The file system is the contents of the notepad, and the file is the word. For hard disks in a PC at the moment, two file systems are most common: FAT or NTFS. First FAT (FAT16) appeared, then FAT32, and then NTFS.