Digital Forensic Survival Podcast

DFSP # 284 - Fast Triage case study: non-Windows core processes

16 min • 27 July 2021

This week we’re going to take a look at how standard triage methodology can detect advanced attack techniques. Even as a newer examiner, if you learn the standard triage methods that I have covered in the fast triage series, you will find the skills provide ample opportunity to detect all sorts of attack activity, even very advanced attack activity. This is because there are natural chokepoints in the attack chain that can be used to your advantage. This week we are going to see the non-Windows core process triage in action through the lens of a very advanced attack dubbed “operation ghost.”
