Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D'

Name: Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D'
Uploaded: 2017-09-18
Duration: 54 min 12 s
Description: BSides Augusta 2017 Alissa Torres (@sibertor) Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D' Windows tracks system/user activity with growing sophistication and granularity. Let's walk through some of this forensic evidence of execution that few examiners know about

BSides Augusta · 201754:12192 viewsPublished 2017-09Watch on YouTube ↗

Speakers

Alissa Torres

Tags

CategoryTechnical

StyleTalk

About this talk

BSides Augusta 2017 Alissa Torres (@sibertor) Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D' Windows tracks system/user activity with growing sophistication and granularity. Let's walk through some of this forensic evidence of execution that few examiners know about and seldom used by such a Srum, AmCache and SCCM data. Alissa will dissect 4 case studies where these newly identified artifacts cracked the case and unlocked the story of what happened on the system, and who did it and when.

Black Mirror of Execution: How new artifacts have changed the 'O' and the 'D'

Related talks