Recycle Bin Forensics in Windows 7 and Vista
Monitoring file system changes with PowerShell

I recently returned from facilitating Lenny Zeltser's excellent Reverse Engineering Malware course at SANS Security West. One of the utilities covered in the course is called CaptureBAT, which is a useful utility for monitoring a system for changes while performing malware analysis. Of course, given my ongoing interest in…