Chapter 8: Investigating Initial Access Techniques

In the previous chapter, we looked at various sources of digital forensic artifacts available on Windows systems. Now, it's time to start looking at some case studies so that we can understand how exactly those artifacts can be used for ransomware attack life cycle reconstruction.

We'll start by finding evidence for the most common initial access techniques – abusing external remote services and phishing.

Abusing external remote services, especially publicly exposed RDP servers, is an extremely common technique. In fact, more than 50% of successful attacks start from a successful brute-force attack against such servers.
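The brute-force pattern just described leaves a recognisable trace in the Windows Security log: a burst of failed logons (Event ID 4625) from one source address, followed by a successful logon (Event ID 4624) with logon type 10 (RemoteInteractive, i.e. RDP) from the same address. The following is an added example, not code from the book, that applies that check to a constructed set of log records; the field names mirror the event XML, and the addresses, account names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, event_id, logon_type, user, ip):
    """Build one minimal Security log record (constructed sample, not real data)."""
    return {"TimeCreated": ts, "EventID": event_id, "LogonType": logon_type,
            "TargetUserName": user, "IpAddress": ip}

# Constructed sample: 203.0.113.7 sprays three accounts, then lands an RDP session as
# 'admin'; 198.51.100.9 has only two failures; 192.0.2.5 is a clean interactive logon.
SAMPLE_EVENTS = [
    ev("2023-05-01T02:10:05", 4625, 3, "administrator", "203.0.113.7"),
    ev("2023-05-01T02:10:09", 4625, 3, "admin", "203.0.113.7"),
    ev("2023-05-01T02:10:14", 4625, 3, "backup", "203.0.113.7"),
    ev("2023-05-01T02:10:20", 4625, 3, "administrator", "203.0.113.7"),
    ev("2023-05-01T02:10:27", 4625, 3, "admin", "203.0.113.7"),
    ev("2023-05-01T02:10:33", 4625, 3, "backup", "203.0.113.7"),
    ev("2023-05-01T02:11:02", 4624, 10, "admin", "203.0.113.7"),
    ev("2023-05-01T03:00:00", 4625, 3, "jsmith", "198.51.100.9"),
    ev("2023-05-01T03:00:30", 4625, 3, "jsmith", "198.51.100.9"),
    ev("2023-05-01T08:15:00", 4624, 10, "jsmith", "192.0.2.5"),
]

def find_rdp_bruteforce(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return {ip: summary} for every source that produced at least `fail_threshold`
    failed logons (4625) inside `window` before a successful RDP logon (4624, type 10).
    With NLA enabled, RDP failures are typically logged as type 3, so the failure side
    is not filtered by logon type; only the success side is."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["TimeCreated"]):
        by_ip[e["IpAddress"]].append(e)
    hits = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["EventID"] == 4625]
        successes = [e for e in evs if e["EventID"] == 4624 and e["LogonType"] == 10]
        for s in successes:
            t_ok = datetime.fromisoformat(s["TimeCreated"])
            recent = [f for f in failures
                      if t_ok - window <= datetime.fromisoformat(f["TimeCreated"]) <= t_ok]
            if len(recent) >= fail_threshold:
                hits[ip] = {"failures": len(recent),
                            "usernames_tried": sorted({f["TargetUserName"] for f in recent}),
                            "compromised_account": s["TargetUserName"],
                            "success_time": s["TimeCreated"]}
                break  # one finding per source address is enough for triage
    return hits

if __name__ == "__main__":
    for ip, summary in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, summary)
```

The success time recovered this way is the pivot for the rest of the reconstruction, since it bounds when artifacts such as the RDP session and subsequent tooling first appeared on the host.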

Almost the same can be said about phishing – lots of different bots, which ...
