PowerShell

CyberCorp2

⛔️ Spoiler alert! Case Details This is not an investigation like the previous one. This is threat hunting.

CyberCorp1

⛔️ Spoiler alert! Case Details Artefacts in posession: memory dump, OS event logs, registry files, Prefetch files, $MFT file, ShimCache, AmCache, network traffic dumps.

📕 Windows RTFM

This is about … .

📘 Powershell BTFM

Settings Association It’s better to associate powershell scripts with notepad.exe that PowerShell for security reasons.