Log analysis of suspicious activity [closed]
I have taken a DFIR course, but I have not worked with an SME. Looking at this SuperTimeline output, I saw something like what is pictured. SVCHOST executing from prefetch and the file then being deleted. The other instance is modificatio…