Comments on Windows Incident Response: On #DFIR Analysis, pt III - Benefits of a Structured Model

Feed updated: 2024-03-19T07:46:20.437-05:00

Anonymous, 2021-05-09T04:31:48.232-05:00:

> I've mentioned previously that analysis is nothing more than an individual applying the breadth of their knowledge and experience to a data source.

Dear author, please read https://en.wikipedia.org/wiki/Analysis to learn what analysis really is. Not on how you perceive it.

> Very often, we'll see analysts referring to a single artifact (ShimCache entry, perhaps an entry in the AmCache.hve file, etc.) as definitive proof of execution.

Indeed some even author books and blog posts about it