Hello Reader,
This week Oleg Skulkin has come in with another win! Oleg found some interesting results. In Oleg's testing all of his executions were caught by the Amcache, except those programs executed from external storage volumes. Very interesting! I think we will have to go back to Syscache and Amcache again in the near future to find more about what Oleg was seeing!
What are all the methods of execution you can find that are not recorded in the Amcache hive?
The Winning Answer:
Oleg Skulkin
https://cyberforensicator.com/2019/02/06/amcache-forensics-populated-or-not/
This week Oleg Skulkin has come in with another win! Oleg found some interesting results. In Oleg's testing all of his executions were caught by the Amcache, except those programs executed from external storage volumes. Very interesting! I think we will have to go back to Syscache and Amcache again in the near future to find more about what Oleg was seeing!
The Challenge:
The Winning Answer:
Oleg Skulkin
https://cyberforensicator.com/2019/02/06/amcache-forensics-populated-or-not/
Also Read: Daily Blog #621
Post a Comment