📔My own DFIR notes
The Mark of The Web (MOTW)LNK ShortcutPrefetch, AmCache, ShimCache in WindowsMalicious Document (VBA, Office, PDF, ...)SRUM (System Resource Usage Monitor)Volatility notesUnderstand Logon Session in Windows"Very" Hidden sheets in ExcelHidden Processes
Last updated
Was this helpful?