Investigation Scenario 🔎
You receive a SIEM alert about this file:
C:\Users\bose\Downloads\report.doc
The file copied itself to %TEMP% and the original copy was deleted.
What do you look for to investigate whether an incident occurred?
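One concrete way to answer that question is to pull the endpoint telemetry around the alerted path and let a script reconstruct who wrote the %TEMP% copy, who deleted the original, and what that process did next. The triage helper below is an added example, not part of the original post: the Sysmon-style events it runs over are constructed (EventID 1 = ProcessCreate, 11 = FileCreate, 23 = FileDelete, field names as in Sysmon's schema), the expansion of %TEMP% to `C:\Users\bose\AppData\Local\Temp` is assumed, and the Office install path and process IDs are placeholders.

```python
"""Triage helper for a 'document copied itself to %TEMP%, original deleted' alert.
Example code written for this note; the events below are constructed, not real logs."""
import ntpath

ALERT_PATH = r"C:\Users\bose\Downloads\report.doc"      # path from the SIEM alert
TEMP_DIR = r"C:\Users\bose\AppData\Local\Temp"           # assumed %TEMP% for user 'bose'

# Constructed Sysmon-style events. 1 = ProcessCreate, 11 = FileCreate, 23 = FileDelete.
SAMPLE_EVENTS = [
    {"UtcTime": "2024-01-10 09:14:02", "EventID": 1, "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "ParentProcessId": 1180, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": '"WINWORD.EXE" /n "C:\\Users\\bose\\Downloads\\report.doc"'},
    {"UtcTime": "2024-01-10 09:14:05", "EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\bose\AppData\Local\Temp\report.doc"},
    {"UtcTime": "2024-01-10 09:14:06", "EventID": 23, "ProcessId": 4120,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetFilename": r"C:\Users\bose\Downloads\report.doc"},
    {"UtcTime": "2024-01-10 09:14:09", "EventID": 1, "ProcessId": 5304,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentProcessId": 4120,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "cmd.exe /c <hypothetical command, placeholder>"},
    # Unrelated noise that must not be attributed to the alerted file.
    {"UtcTime": "2024-01-10 09:14:10", "EventID": 11, "ProcessId": 2200,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\unrelated.tmp"},
]


def _norm(path):
    """Case-insensitive, backslash-only form for comparing Windows paths."""
    return path.replace("/", "\\").lower()


def find_file_events(events, alert_path, temp_dir):
    """FileCreate/FileDelete events that touch the original path or a same-named
    file under %TEMP% (the 'copied itself' half of the alert)."""
    base = ntpath.basename(alert_path).lower()
    temp_prefix = _norm(temp_dir) + "\\"
    hits = []
    for e in events:
        if e["EventID"] not in (11, 23):
            continue
        target = _norm(e["TargetFilename"])
        same_original = target == _norm(alert_path)
        temp_copy = target.startswith(temp_prefix) and ntpath.basename(target) == base
        if same_original or temp_copy:
            hits.append(e)
    return sorted(hits, key=lambda e: e["UtcTime"])


def triage(events, alert_path=ALERT_PATH, temp_dir=TEMP_DIR):
    """Attribute the copy and the delete to processes, then list what those
    processes spawned, so the analyst knows which artifacts to pull next."""
    file_events = find_file_events(events, alert_path, temp_dir)
    writers = {e["ProcessId"] for e in file_events if e["EventID"] == 11}
    deleters = {e["ProcessId"] for e in file_events
                if e["EventID"] == 23 and _norm(e["TargetFilename"]) == _norm(alert_path)}
    actors = writers | deleters
    procs = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    children = [e for e in events
                if e["EventID"] == 1 and e.get("ParentProcessId") in actors]
    temp_copies = [e["TargetFilename"] for e in file_events if e["EventID"] == 11]

    findings = []
    for pid in sorted(actors):
        image = procs.get(pid, {}).get("Image", "<no ProcessCreate event logged>")
        findings.append(f"pid {pid} ({ntpath.basename(image)}) wrote the %TEMP% copy "
                        f"and/or deleted the original; collect its command line and parent")
    for c in children:
        findings.append(f"pid {c['ProcessId']} ({ntpath.basename(c['Image'])}) was spawned "
                        f"by actor pid {c['ParentProcessId']}; review its command line")
    return {"file_events": file_events, "actors": actors, "children": children,
            "temp_copies": temp_copies, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for line in result["findings"]:
        print(line)
    print("hash and preserve:", result["temp_copies"])
```

The returned `temp_copies` list is the set of files to hash and preserve before anything else touches %TEMP%; `actors` and `children` are the pivot points for the next round of queries (process command lines, network connections, and registry writes by those PIDs). Adapting this to real data means replacing `SAMPLE_EVENTS` with events exported from the SIEM or Sysmon channel and confirming the actual %TEMP% value for the user from the alert.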