In the previous post, we dealt with one of the most popular anti-forensic techniques – timestomping. So we changed the timestamps of the files to confuse the analysts and make the files appear unrelated to malicious activity. This time we will try to transfer timestomping to another source of evidence - the Windows registry. The registry is definitely one of the […]
Tag: timestomping
Anti-forensic - introduction and timestomping
As I mentioned in the blog, threat intelligence is essentially threat counterintelligence - the process of stopping hostile infiltration of the environment. This time we will deal with a strictly technical issue: how attackers can try to hide the traces of their activities (anti-forensics) and how to detect such activities. The starting point for our considerations [...]