The current issue 08/2021 of iX magazine features two cover topics from Oneconsult’s DFIR team (Digital Forensics & Incident Response): In part 10 of the Active Directory article series, Fabian Murer, Senior Digital Forensics & Incident Response Specialist, explains how logs efficiently complement hardening measures that have already been implemented, so that potential attacks are detected in a timely manner.
Moreover, Gregor Wegberg, Head of Digital Forensics & Incident Response, continues his IT forensics tutorial series and demonstrates how the “Kroll Artifact Parser and Extractor” (KAPE), introduced in the first article of the tutorial, can be used to analyse Autoruns artefacts in order to determine whether an attacker or malware has gained persistence on a system after a successful attack.
Read Fabian Murer’s article (in German only) to learn why logs and their monitoring are essential for an effective defense against potential attacks, which logs should be used for this purpose, and how they are used:
- iX 08/2021, pp. 94-99: Incident Response und Forensik – Angreifer durch Logs enttarnen: Protokollschätze (PDF)
In the second part of his IT forensics tutorial (in German only), Gregor Wegberg demonstrates how you can use KAPE and Autoruns to uncover the typical mechanisms that attackers and malware use to gain persistence on a system after a successful compromise:
- iX 08/2021, pp. 100-105: KAPE-Einführung, Teil 2: Autoruns-Artefakte auswerten und verstehen – Am Start geschnappt (PDF)
The full online issue of iX 08/2021 is also available (in German only).