Who Left the Backdoor Open? Using Startupinfo for the Win

February 18, 2021

In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from…

Read
  • Browse by Category

  • Clear Form