In Part 1 we talked about Loki, Logparser and DeepBlueCLI for analyzing offline forensic artifacts in an effort to get the low hanging fruit left behind by most threat actors. Part 2 will focus on KAPE and Windows Registry analysis.

4. Parse all the things with KAPE!

KAPE is a free tool which helps DFIR …

Continue reading Find Evil in 5 Easy Steps – Part 2