⛔️ Spoiler alert!
Case Details
This is not an investigation like the previous one. This is threat hunting.
Artefacts in possession: memory dump, OS event logs, registry files, Prefetch files, $MFT file, ShimCache, AmCache, network traffic dumps.
This is about … .
Settings Association
It's better to associate PowerShell scripts with notepad.exe than with PowerShell for security reasons: a double-clicked script is then opened for viewing instead of being executed.
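The following audit script is an added example, not part of the original notes. It reads the effective .ps1 file association from the machine hive and from the per-user hive (which overrides the machine setting for that user) and flags any handler that would execute the script instead of opening it in an editor. It assumes the standard Windows layout in which the .ps1 extension maps to the ProgId Microsoft.PowerShellScript.1 and the handler lives under that ProgId's Shell\Open\Command key.

```powershell
# Added example: audit which program handles .ps1 files. Assumes the standard
# layout HKxx\Software\Classes\.ps1 -> ProgId -> Shell\Open\Command.
function Get-Ps1Handler {
    param([ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $extKey = "${Hive}:\Software\Classes\.ps1"
    if (-not (Test-Path $extKey)) { return $null }   # no association in this hive
    $progId = (Get-ItemProperty -Path $extKey).'(default)'
    if (-not $progId) { return $null }
    $cmdKey = "${Hive}:\Software\Classes\$progId\Shell\Open\Command"
    $command = $null
    if (Test-Path $cmdKey) { $command = (Get-ItemProperty -Path $cmdKey).'(default)' }
    [pscustomobject]@{ Hive = $Hive; ProgId = $progId; Command = $command }
}

# A handler is considered safe when it is an editor (notepad.exe by default) and
# unsafe when the open verb invokes any PowerShell host.
function Test-Ps1HandlerSafe {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $true }  # nothing to run
    return -not ($Command -match '(?i)(powershell|pwsh)(\.exe)?')
}

# HKCU is listed last because a per-user entry wins over the machine-wide one;
# a silent HKCU override pointing at powershell.exe is the case worth catching.
$report = foreach ($hive in 'HKLM', 'HKCU') {
    $h = Get-Ps1Handler -Hive $hive
    if ($null -eq $h) { continue }
    [pscustomobject]@{
        Hive    = $h.Hive
        ProgId  = $h.ProgId
        Command = $h.Command
        Safe    = Test-Ps1HandlerSafe -Command $h.Command
    }
}

$report | Format-Table -AutoSize
foreach ($r in $report) {
    if (-not $r.Safe) {
        Write-Warning "$($r.Hive): .ps1 files open with '$($r.Command)'; consider re-pointing the handler to notepad.exe."
    }
}
```

Run it under the account being checked, since the HKCU result reflects only the current user's overrides.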