Digital Forensics Tips&Tricks: Enhanced Command-line Auditing

Let's imagine a situation when cyber-attacker executes some commands remotely on the infected workstation using command line interface (cmd.exe) or using a special USB-device like Teensy or Rubber Ducky



How can we see these commands during digital forensics process?
Читать дальше →

source https://habr.com/ru/post/441764/?utm_campaign=441764