Disk-sm-windows-x64-jun-2015-version-11.20.x5.10
Forensic Deep Dive: Unpacking the disk-sm-windows-x64-jun-2015-version-11.20.x5.10 Artifact
disk-sm-windows-x64.exe --device \\.\PhysicalDrive1 --raw-read --output C:\Windows\Temp\syscache.tmp
(Note the fake output path and the obscure device.)
Whether you're a forensic analyst hunting for living-off-the-land (LotL) binaries, a sysadmin cleaning up an old server, or a researcher cataloging software versioning schemes, never ignore the story hidden in a filename. The next time you see an odd x in a version number, ask yourself: Was this a hotfix, a hack, or just a naming quirk?