by Frank Ully
This is the fourth article in a multi-part series about Windows PowerShell: how attackers abuse it, how incident responders can detect these attacks, and how IT security managers can prevent them in the first place. This article gives a general introduction to memory forensics, a relatively new investigative method that incident responders and IT forensic experts use against modern threats such as PowerShell attacks.