DFIR “Evidence of…” Poster (Side 1)
Finding unknown malware is an intimidating process to many, but it can be simplified by following a few steps that narrow your search. Using the techniques in this poster’s chart, you will learn how to narrow the thousands of files on a typical machine down to the 1-4 files that are possible malware. This process of “malware funneling” is key to quick and efficient analysis of compromised hosts.
The Windows Analysis Poster was created by Rob Lee, SANS DFIR Curriculum Lead and author of the FOR500 Windows Forensics Analysis and FOR508 Advanced Digital Forensics, Incident Response & Threat Hunting courses, with support from the SANS DFIR Faculty.
The DFIR posters are shipped rolled in a tube and measure 24″ x 36″ (slightly larger than the SANS folded version).
Currently shipping within the US only.