Host Forensics Meta

It just isn't fun. There is no meta. Take notes. Know the internals of the operating system you are working on. Like actually know it. Enough to get a job doing it... because people will hire you if you can do host forensics well. It's 90% of Incident Response jobs.

Know normal, find evil. Always assume the weirdest thing is probably the right thread to pull on, and also assume it's a red herring.

For an actual pro-tip, build a timeline of what occurred. Usually the activity you need to forensicate happened in the last session on the box, or at least the second-to-last session.
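As an added example (not part of the original page), here is one way to build such a timeline in Python: it merges constructed sample records from an auth log, shell history and file modification times, then splits them into login sessions so the last two can be reviewed first. The record format, the names and the assumption that sessions do not overlap are made up for the example.

```python
from datetime import datetime

# Constructed sample artifacts (not from a real host).
AUTH_LOG = """\
2024-02-20T09:01:12 sshd session opened for user alice
2024-02-20T09:40:03 sshd session closed for user alice
2024-02-23T02:14:55 sshd session opened for user svc_backup
2024-02-23T02:31:20 sshd session closed for user svc_backup
2024-02-24T10:05:00 sshd session opened for user alice
2024-02-24T10:20:45 sshd session closed for user alice"""
SHELL_HISTORY = """\
2024-02-20T09:05:30 vim report.txt
2024-02-23T02:16:02 tar czf /tmp/out.tgz /home/alice
2024-02-24T10:06:10 ls -la /tmp"""
FILE_MTIMES = """\
2024-02-23T02:16:40 /tmp/out.tgz
2024-02-23T02:30:58 /etc/cron.d/backup"""

def parse(text, source):
    """Turn 'ISO-timestamp detail' lines into (time, source, detail) tuples."""
    rows = (line.split(" ", 1) for line in text.splitlines() if line.strip())
    return [(datetime.fromisoformat(ts), source, detail) for ts, detail in rows]

def build_timeline(*event_lists):
    """Merge events from every source into one list ordered by time."""
    return sorted(e for events in event_lists for e in events)

def split_sessions(timeline):
    """Group events into login sessions bounded by auth open/close records."""
    sessions, current = [], None
    for event in timeline:
        _, source, detail = event
        if source == "auth" and "session opened" in detail:
            current = [event]
            sessions.append(current)
        elif current is not None:
            current.append(event)
            if source == "auth" and "session closed" in detail:
                current = None
    return sessions

SOURCES = [(AUTH_LOG, "auth"), (SHELL_HISTORY, "history"), (FILE_MTIMES, "mtime")]
TIMELINE = build_timeline(*(parse(text, name) for text, name in SOURCES))
SESSIONS = split_sessions(TIMELINE)

if __name__ == "__main__":
    for session in reversed(SESSIONS[-2:]):  # last session first
        print("--- session ---")
        for when, source, detail in session:
            print(when.isoformat(), f"{source:<7}", detail)
```

In this sample the last session is an ordinary login, while the second-to-last one (a service account at 02:14) lines up with an archive being written and a cron file changing, which is the thread to pull on.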

Host forensics is a ridiculous amount of work. There's a ton to write and read, and staying up to date on the operating systems is a nightmare...

Or you can just do... guess what I recommend?

Hoppers Roppers 2024            Date: 2024-02-25 22:05:39
