search

📔My own DFIR notes

The Mark of The Web (MOTW)chevron-rightLNK Shortcutchevron-rightPrefetch, AmCache, ShimCache in Windowschevron-rightMalicious Document (VBA, Office, PDF, ...)chevron-rightSRUM (System Resource Usage Monitor)chevron-rightVolatility noteschevron-rightUnderstand Logon Session in Windowschevron-right"Very" Hidden sheets in Excelchevron-rightHidden Processeschevron-right
PreviousMisconfiguration 0x01NextThe Mark of The Web (MOTW)

Last updated