Tags
Chrome
CrowdStrike
- What process made the DNS query?
- What web browsers were running at a given time?
- Was an Incognito/Private browser session used?
- Were any system event logs cleared?
DNS
Edge
Event Logs
- Have there been any executions of PsExec?
- Have there been any executions of PsExeSrv?
- Were any system event logs cleared?
Firefox
Internet Explorer
Linux
NTFS
Prefetch
Process Execution
SQLite
Safari
Sysmon
T1070.001
T1070.002
USN Journal
Web Browser
- What files were downloaded using a web browser?
- What web browsers were running at a given time?
- What pages did web browsers visit?
- Was an Incognito/Private browser session used?
Windows
- What files were downloaded using a web browser?
- What process made the DNS query?
- Have there been any executions of PsExec?
- Have there been any executions of PsExeSrv?
- Were any system event logs cleared?