by Frank Ully
This is the fifth article in a multi-part series about Windows PowerShell and how attackers abuse it, how incident responders can detect these attacks – and how IT security managers can prevent them in the first place. This article introduces methods that incident responders and IT forensic analysts can use to investigate PowerShell attacks, including memory analysis.