The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics",
as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Tuesday, February 15, 2005
Incidents Question, part 1
I've been thinking about some of the stuff I've presented on, as well as talked to others about, and a thought came up...has anyone seen a compromised system with suspicious TaskScheduler jobs? Let me know...