Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
http://digitalforensicsurvivalpodcast.libsyn.com/podcast
DFSP # 286 - Lateral MM Fast Triage 2 [5145]
This week we continue with the Windows fast triage series. We are up to lateral movement and talking about admin shares. On topic this week is event 5145 which is a Windows log that records verbose information about network share objects and it is an artifact you can use to triage a system or group of systems for evidence of malicious lateral movement.