The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis 2/e", "Windows Registry Forensics", "Windows Forensic Analysis Toolkit 3/e",
as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Tuesday, February 15, 2005
Incidents Question, part 1
I've been thinking about some of the stuff I've presented on, as well as talked to others about, and a thought came up...has anyone seen a compromised system with suspicious TaskScheduler jobs? Let me know...