What Event Logs? Part 2: Lateral Movement without Event Logs

  • Thursday, 18 Jan 2018 10:30AM EST (18 Jan 2018 15:30 UTC)
  • Speaker: Matt Bromiley

Event logs are just one of the subjects covered in the FOR508: Advanced Digital Forensics, Incident Response, & Threat Hunting course.

For more information about the course, or to register for training, see FOR508.

Register for Part 1

Working without Windows Event Logs is a two-part webcast series. Many analysts rely on Windows Event Logs to gain context on attacker activity on a system, with log entries serving as the correlative glue between other artifacts. But what happens when attackers find ways to remove the logs, or worse, stop the logs from being written? We must find a way to adapt.

In part 2 of this series, SANS instructor and incident responder Matt Bromiley will discuss techniques for identifying lateral movement when Windows Event Logs are not present. Sometimes logs roll over without being preserved, and sometimes attackers remove them from compromised systems. Despite this, there are still multiple artifacts we can rely on to identify where our attackers came from and where they went. In this webcast, we'll discuss the techniques and artifacts used to identify this activity.