Finding Intrusion Evidence in the Same Folder

Finding Intrusion Evidence in the Same Folder

Finding digital evidence during DFIR is hard and often involves identifying something suspicious and investigating. One technique is to look in the same folder as a suspicious item to see what else you can find. Often attackers are automated (or lazy) and store files...