Sysinternals is a blue team lab that falls under the Endpoint Forensics category and will cover the following subjects: Event Log Explorer, Registry Explorer, Autopsy, FTK Imager, AppCompatCacheParser, Web Cache View, VirusTotal, Execution, Command and Control, Impact.
Learning Objectives
Conduct endpoint forensic analysis to detect, analyze, and understand malware infections using disk images, registry artifacts, and threat intelligence.
Categories: Endpoint Forensics.
MITRE ATT&CK Tactics: Execution, Command and Control, Impact.