Resource Center

Webinars

Putting the RDPieces Back Together Again

Ransomware investigations are becoming increasingly prevalent, and the questions an analyst are faced with are similar in almost every investigation:

  • How did the attacker get in?
  • How long did the attacker have access to system(s)
  • What files/folders did the attackers access?
  • Was there any data exfiltration?

A majority of ransomware now does “cleanup” after running, and deletes and overwrites important data such as event logs, recent user activity, powershell commands, etc. This talk delves into a quite often looked-at artifact called the RDP Bitmap cache, which may contain the answers that are needed to make a determination one way or another on ransomware related questions. It is a very interesting, and very under utilized artifact, that allows an analyst to quite literally piece together “what had happened was...”

View Webinar

View the Webinar

Related Resources

Upcoming Webinars on May 29

Upcoming Webinars

Mobile Unpacked: Ep. 17 // Vocalizing on Validation and Verification

With the absolute mountain of data on mobile devices, examiners are often responsible for figuring out how certain apps and features work then trying to convey that information to those
Upcoming Webinars on April 30

Upcoming Webinars

APAC Partner Update Webinar: Magnet AXIOM 8.0 Release

Magnet Axiom 8.0 is now available and with this exciting update, join us to learn about some of the features that have been introduced in this release and some common
Upcoming Webinars on May 8

Upcoming Webinars

Bring your teams and their digital evidence together with Magnet Review

Growing data volumes and a larger-than-ever remote workforce can make it difficult to enable effective team collaboration on digital evidence review.
Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top