15

Ransomware Investigations

Spend even the shortest amount of time in incident response and you will most likely take part in a ransomware investigation. As we saw in the previous chapter, the threat from such attacks is widespread, impacting organizations of every size. These include government entities, large corporations, healthcare, and critical infrastructure. Given the nature of ransomware attacks, analysts and responders should be familiar with how to investigate the tactics and techniques that ransomware operators commonly use.

In this chapter, we will look at a few of the more common tactics and associated evidence. Specifically, we will examine the following:

  • Ransomware initial access and execution
  • Discovering credential access and theft
  • Investigating ...

Get Digital Forensics and Incident Response - Third Edition now with the O’Reilly learning platform.
