What forensics should be collected as part of an incident response plan on Windows 10?
I am currently developing an IRP that responds to system hacks.
I have attacked the Windows 10 myself (victim machine), using Metasploit on Kali Linux, where I managed to gain access via SSH port 22. From there I have modified file exten…