SANS Digital Forensics and Incident Response Blog: Tag - outlier analysis

Outlier analysis in digital forensics

In my previous post, Atemporal time line analysis in digital forensics, I talked about using the inodes of a known piece of attacker code as a pivot point to discover previously unknown attacker code on a system. In this post, I want to point out another interesting thing about these inodes. Recall that I'm using … Continue reading Outlier analysis in digital forensics