Resource Center

Webinars

Putting the RDPieces Back Together Again

Ransomware investigations are becoming increasingly prevalent, and the questions an analyst are faced with are similar in almost every investigation:

  • How did the attacker get in?
  • How long did the attacker have access to system(s)
  • What files/folders did the attackers access?
  • Was there any data exfiltration?

A majority of ransomware now does “cleanup” after running, and deletes and overwrites important data such as event logs, recent user activity, powershell commands, etc. This talk delves into a quite often looked-at artifact called the RDP Bitmap cache, which may contain the answers that are needed to make a determination one way or another on ransomware related questions. It is a very interesting, and very under utilized artifact, that allows an analyst to quite literally piece together “what had happened was...”

View Webinar

View the Webinar

Related Resources

Upcoming Webinars on January 15

Upcoming Webinars

Introduction to Magnet Verify

Join us for a webinar introducing Magnet Verify—a patented technology designed for reliable media authentication. In this session, you’ll learn how Verify can be used to authenticate images and videos,
On Demand Webinars

On Demand Webinars

Ep. 24 // Split Personalities – understanding multiple user account purposes in Android

While multiple user-accounts are not a new thing with Android, they are gaining momentum in how much they are used. In addition to just secondary profiles and guest accounts, more
On Demand Webinars

On Demand Webinars

Magnet Witness: Optimice su adquisición y análisis de vídeo

Las imágenes de vídeo son una fuente esencial de pruebas en las investigaciones criminales. Se estima que más del 80% de los casos penales de hoy en día utilizan pruebas
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top