DFIR, Malware

Malware Forensics Concepts – Quick Reference

Malware Detection: Malware common locations are Windows\System32, temp folders, C:\Windows or %SYSTEMROOT%, System Volume Information, Recycle Bin, Program Files, and Temporary Internet Files.

Malware Persistence: DLL Search Order Hijacking: Place a malicious file ahead of the legitimate DLL in Windows' DLL search order hierarchy. Common example: Explorer.exe loading a bad ntshrui.dll. DLL Search Order: Memory --> KnownDLL registry list --> Directory where executable/process is located --> current…