Collection and analysis of artifacts in incident response for industrial control systems (ICS)
Learn about the role of the Windows registry in uncovering security incidents on ICS hosts and gain practical methodologies for collecting and analysing registry data, with an emphasis on automation to make forensic procedures repeatable and efficient. The methodology pairs hands-on collection and analysis techniques (exporting hives, reviewing persistence keys, services and user activity) with scripted triage that streamlines registry investigations. Expected outcomes cover the real-world benefits and limitations practitioners encounter: advanced persistent threats (APTs) and memory-resident, fileless tooling may leave few or no traces in the registry and actively attempt to evade detection. These limitations show why analysts need to broaden their skill set and integrate memory acquisition and analysis to complement traditional registry-based investigations rather than rely on the registry alone.
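The following PowerShell script is an added illustration of the automated registry collection and triage the abstract refers to; it is not code from the original page or from the authors. It assumes an elevated PowerShell session on a Windows host, an output directory under C:\IR (an assumption, adjust to removable or network evidence storage), and the standard reg.exe utility. It exports the SYSTEM, SOFTWARE and current-user hives for offline analysis, pulls the common autostart and service locations from the live registry into CSV files, and writes a SHA-256 manifest so the collected evidence can later be verified. Memory acquisition, which the abstract identifies as necessary for memory-resident threats, is deliberately outside this script.

```powershell
# Added example: automated registry collection and triage for incident response.
# Not part of the original page. Output path and key list are assumptions.
param(
    [string]$OutDir = "C:\IR\registry_$(Get-Date -Format yyyyMMdd_HHmmss)"
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Export live hives with reg.exe for offline parsing (requires elevation).
$hives = @{
    'HKLM\SYSTEM'   = 'SYSTEM.hiv'
    'HKLM\SOFTWARE' = 'SOFTWARE.hiv'
    'HKCU'          = 'NTUSER_current.hiv'
}
foreach ($h in $hives.GetEnumerator()) {
    $dest = Join-Path $OutDir $h.Value
    & reg.exe save $h.Key $dest /y | Out-Null
}

# 2. Triage common persistence locations from the live registry.
#    The list is a starting point, not an exhaustive autostart inventory.
$persistenceKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$findings = foreach ($key in $persistenceKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/PSProvider metadata PowerShell adds.
        if ($p.Name -like 'PS*') { continue }
        [pscustomobject]@{
            Key   = $key
            Name  = $p.Name
            Value = [string]$p.Value
        }
    }
}
$findings | Export-Csv -Path (Join-Path $OutDir 'persistence.csv') -NoTypeInformation

# 3. Snapshot installed services. ICS hosts typically run a stable set of
#    vendor services, so a new or modified ImagePath stands out on review.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $svc = Get-ItemProperty -Path $_.PSPath
    [pscustomobject]@{
        Name      = $_.PSChildName
        ImagePath = [string]$svc.ImagePath
        Start     = $svc.Start
    }
} | Export-Csv -Path (Join-Path $OutDir 'services.csv') -NoTypeInformation

# 4. Hash everything collected so far so the evidence can be verified later.
#    Enumerate first so the manifest does not try to hash itself.
$collected = Get-ChildItem -Path $OutDir -File
$collected | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $OutDir 'manifest_sha256.csv') -NoTypeInformation

Write-Host "Registry collection written to $OutDir"
```

Run it from an elevated prompt on the host under investigation, then carry the hive files to an analysis workstation for offline parsing; keep the live-triage CSVs as a quick first pass, not as a substitute for the exported hives. Because the script reads the live registry, it will not surface injected code or other memory-only activity, which is exactly the gap the abstract says memory analysis must fill.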