Fileless malware forensics
This weekend I’ve been watching videos about forensics to look for labs for my students of the Digital Forensic course. I would like to highlight one of them. It’s a fileless malware forensics talk that I will use for the training course. What’s really interesting in this talk is the fileless malware analysis because this kind of malware doesn’t store any file into the operating system but it’s able to execute instructions through the command line while operating in memory. Therefore, it’s really difficult to acquire evidences to know how the malware works.
|How a Fileless Attack works|
Actually, there are three talks I would like to highlight. The first one is about acquisition in complex incidents. The second one is acquisition in the cloud, which is also really interesting because we can learn how to acquire digital evidences of AWS. The third one is about fileless malware forensics, which shows, step by step, how to analyse the Windows Prefetch folder, web history, event logs, memory, etc from the memory acquisition and triage. It’s an interesting forensics to learn how to analyse a fileless malware.
Keep learning and keep studying my friends!!