forensics

Japan Cert article on identifying Malware based on the windows log entries left by it https://www.bleepingcomputer.com/news/security/jpcert-shares-windows-event-log-tips-to-detect-ransomware-attacks/ Velociraptor foss

The entire article is available here but the point form tells a story all too familiar.

Hashem Kadesh got caught sending himself invoices. The damning evidence was that some of the Invoices were made in Microsoft Word. Word secretly water-marks/meta-data the author’s name in each document,…