9 Data Collection and Exfiltration

Data collection and exfiltration can be performed by threat actors either in the intermediate stages or in the final stages of an attack. In the first case, adversaries may exfiltrate and analyze intermediate information that can help them better understand the organization’s infrastructure, gain access to credentials, or check target documents for relevance. In the second case, however, exfiltration may be a precursor to impact, as in the case of ransomware operators, or even part of it, as in espionage.

Regardless of the stage at which data exfiltration takes place, the techniques used by threat actors will be similar. So, what will be the difference? First, the data in which threat actors are interested ...

Get Incident Response for Windows now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Incident Response for Windows by Anatoly Tykushin, Svetlana Ostrovskaya

9

Data Collection and Exfiltration

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly