DFSP # 286 - Lateral MM Fast Triage 2 [5145]
Digital Forensic Survival Podcast - Podcast autorstwa Digital Forensic Survival Podcast - Wtorki
Kategorie:
This week we continue with the Windows fast triage series. We are up to lateral movement and talking about admin shares. On topic this week is event 5145 which is a Windows log that records verbose information about network share objects and it is an artifact you can use to triage a system or group of systems for evidence of malicious lateral movement.