“Mass Triage Part 3: Processing Returned Files – At Jobs”

Our story so far… Frank, working with Hermes, another security analyst, goes to work to review the tens of thousands of files retrieved by FRAC. They start off by reviewing the returned AT jobs. AT Job Used by Actors AT jobs are scheduled tasks created using the at.exe command. At jobs take the filename format … Continue reading Mass Triage Part 3: Processing Returned Files – At Jobs

Source: SANS Digital Forensics and Incident Response Blog @ May 4, 2017 at 09:34PM

0
Share