Rootkits are tools and techniques used to hide malicious modules from system monitoring.
Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system.
During the investigation of a security incident, event log analysis is a key element.
During a forensic analysis of a Windows system, it is often critical to understand when and how a particular process has been started.
Microsoft Terminal Services Remote Desktop Protocol (RDP) is a great feature that allows the interactive use or administration of a remote Windows system. However, it can also be used by an attacker with compromised domain credentials to move laterally across the local network.