For as long as I have been doing forensics, or more specifically, live response, there has been a lot of value in reviewing a Windows system’s network connections during an investigation; in fact, this is recognized as standard practice. There are many reasons to do so; however, this work is essentially done to find an anomaly, something suspicious.
Hadar Yudovich

Why and How to Extract Network Connection Timestamps for DFIR Investigations
Posted by Hadar Yudovich on Mar 14, 2018 9:59:12 AM