Digital Forensics – PlugX and Artifacts left behind

When an attacker conducts an intrusion using technique A, B or C, some of his actions leave artifact X, Y or Z behind. So, based on the scenario from the last article about PlugX, I collected a disk image and memory image from the domain controller. Over the past years I wrote several articles on […]

Article Link: https://countuponsecurity.com/2018/06/20/digital-forensics-plugx-and-artifacts-left-behind/