Incident Response – Compass Security Blog

Investigating Data Leakage via External Storage Devices

Contents Introduction Background Story External Device Access Auditing with Windows Security Event Logs Audit Plug and Play Activity Audit Removable Storage Activity External Device Access Auditing with Default Windows Artifacts Other Ways to Monitor External Device Usage Conclusion References Introduction Have you ever investigated a data leakage case involving a suspect potentially leaking data to […]

Windows Forensics with Plaso

March 25, 2019 / Cyrill Brunschwiler / 2 Comments

Present State of Affairs We have been teaching forensics and network incident analysis for quite a while. We have investigated into a reputable number of cases and we are not the only doing so. Hence, one would expect a certain degree of automation in analysis. However, the high frequency of software release cycles somehow leads […]

Up ↑

Compass Security Blog

Offensive Defense

Investigating Data Leakage via External Storage Devices

Windows Forensics with Plaso

Recent Posts

Tags

Compass Links

Categories