DFSP # 428 - It’s all about that XML | allinfosecnews.com

April 30, 2024, 12:06 p.m. |

Digital Forensic Survival Podcast digitalforensicsurvivalpodcast.libsyn.com

When you're triaging a Windows system for evidence of compromise, it's ideal if your plan is focused on some quick wins upfront. There are certain artifacts that offer this opportunity, and Windows Events for New Scheduled Tasks are one of them. Sometimes overlooked, at least in part, because the good stuff contained within the XML portion of the log. This week I'm covering the artifact from a DFIR point of view, I'll go over all the elements of the log …

artifacts compromise events evidence good offer opportunity system the good windows windows system wins xml

More from digitalforensicsurvivalpodcast.libsyn.com / Digital Forensic Survival Podcast

DFSP # 430 - Targeting Tasks 1 day, 23 hours ago | digitalforensicsurvivalpodcast.libsyn.com

analyst artifacts assessment attackers +10

DFSP # 429 - Career Moves 1 week, 1 day ago | digitalforensicsurvivalpodcast.libsyn.com

career course dfir future +9

DFSP # 428 - It’s all about that XML 2 weeks, 1 day ago | digitalforensicsurvivalpodcast.libsyn.com

artifacts compromise events evidence +9

DFSP # 427 - MOF Balls 3 weeks, 1 day ago | digitalforensicsurvivalpodcast.libsyn.com

app artifact attackers dfir +11

DFSP # 426 - SSH Forensics: Log Analysis 4 weeks, 1 day ago | digitalforensicsurvivalpodcast.libsyn.com

analysis analyst forensics important +9

DFSP # 425 - SSH Forensics: Host-Based Artifacts 1 month ago | digitalforensicsurvivalpodcast.libsyn.com

artifacts explained fast forensics +7

DFSP # 424 - SSH Forensics: Understanding Secure Shell 1 month, 1 week ago | digitalforensicsurvivalpodcast.libsyn.com

access basics communications concepts +18

DFSP # 423 - Guiding Lights: Cyber Investigations Investigation Lifecycle 1 month, 2 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

aspect clear cyber cyber investigations +18

DFSP # 422 - EVTX Express: Cracking into Windows Logs Like a Pro 1 month, 3 weeks ago | digitalforensicsurvivalpodcast.libsyn.com

access cracking event event logs +17

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Lead Security Architect

@ Fireblocks | Tel Aviv-Yafo, Tel Aviv District, Israel

View on infosec-jobs.com

Senior Software Development Engineer, AWS Security SecDevOps

@ Amazon.com | Courbevoie, Ile-de-France, FRA

View on infosec-jobs.com

Senior Professional Services Consultant XSIAM - Spain

@ Palo Alto Networks | Madrid, Spain

View on infosec-jobs.com