📔My own DFIR notes

The Mark of The Web (MOTW)LNK Shortcut Prefetch, AmCache, ShimCache in Windows Malicious Document (VBA, Office, PDF, ...)SRUM (System Resource Usage Monitor)Volatility notes Understand Logon Session in Windows "Very" Hidden sheets in Excel Hidden Processes

PreviousMisconfiguration 0x01 NextThe Mark of The Web (MOTW)

Last updated 2 years ago

Was this helpful?