Monday, February 22, 2016

Exploring Prefetch Files

One of the first things I look at when performing forensics on a system is the prefetch files, which give a record of recently run software on the system. Some malware now recognizes the importance of these files and deletes them when it runs.

For cases where the prefetch files are still present, there is a great open source tool to parse them and convert the output to a usable format.

Here is the link:
https://github.com/EricZimmerman/PECmd
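To show what kind of evidence a parser like PECmd recovers from a .pf file, here is an added minimal Python parser (written for this post, not PECmd's own code) that reads the header of an uncompressed prefetch file and pulls out the executable name, path hash, last run time and run count. It assumes the documented XP / Vista-7 / 8.1 header layouts (format versions 17, 23 and 26), flags the MAM-compressed files written by Windows 10 and later, and builds a constructed Windows 7 sample so it runs offline.

```python
import struct
import sys
from datetime import datetime, timedelta, timezone

_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# File offsets of the last-run FILETIME and the run counter per format version
# (17 = XP, 23 = Vista/7, 26 = Windows 8.1), from the documented on-disk layout.
_LAST_RUN_OFFSET = {17: 0x78, 23: 0x80, 26: 0x80}
_RUN_COUNT_OFFSET = {17: 0x90, 23: 0x98, 26: 0xD0}


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return _EPOCH + timedelta(microseconds=ft // 10)


def is_compressed(data: bytes) -> bool:
    """Windows 10+ writes .pf files LZXPRESS-Huffman compressed behind a 'MAM' magic."""
    return data[:3] == b"MAM"


def parse_prefetch(data: bytes) -> dict:
    """Return the execution evidence held in the header of an uncompressed .pf file."""
    if is_compressed(data):
        raise ValueError("MAM-compressed prefetch file (Windows 10+): decompress first")
    version, signature, _, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != b"SCCA":
        raise ValueError("not a prefetch file: missing SCCA signature")
    if version not in _LAST_RUN_OFFSET:
        raise ValueError(f"unsupported prefetch format version {version}")
    # Executable name: 60 bytes of NUL-terminated UTF-16LE starting at 0x10.
    exe_name = data[0x10:0x4C].decode("utf-16-le").split("\x00", 1)[0]
    # Path hash at 0x4C; it is the hex suffix of the .pf file name (NAME.EXE-XXXXXXXX.pf).
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]
    # Windows 8+ keeps the last eight run times; older versions keep only one.
    slots = 8 if version >= 26 else 1
    ticks = struct.unpack_from(f"<{slots}Q", data, _LAST_RUN_OFFSET[version])
    last_runs = [filetime_to_datetime(t) for t in ticks if t]
    run_count = struct.unpack_from("<I", data, _RUN_COUNT_OFFSET[version])[0]
    return {"version": version, "file_size": file_size, "exe_name": exe_name,
            "hash": f"{pf_hash:08X}", "last_runs": last_runs, "run_count": run_count}


def build_sample_pf() -> bytes:
    """Constructed Windows 7 (version 23) header used as offline sample input."""
    buf = bytearray(0xA0)
    struct.pack_into("<I4sII", buf, 0, 23, b"SCCA", 0x11, len(buf))
    buf[0x10:0x1E] = "CMD.EXE".encode("utf-16-le")      # remaining name bytes stay NUL
    struct.pack_into("<I", buf, 0x4C, 0x4A81B364)        # constructed hash value
    delta = datetime(2016, 2, 22, 12, tzinfo=timezone.utc) - _EPOCH
    struct.pack_into("<Q", buf, 0x80, (delta.days * 86400 + delta.seconds) * 10**7)
    struct.pack_into("<I", buf, 0x98, 5)                 # run count
    return bytes(buf)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pf()
    for key, value in parse_prefetch(data).items():
        print(f"{key:10}: {value}")
```

Run it with a path to a .pf file from C:\Windows\Prefetch to parse a real one; with no argument it parses the constructed sample.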

Follow on Twitter: ITSECSAM
