Detecting Persistence Mechanisms - SANS DFIR WEBCAST
by Alissa Torres via SANS Digital Forensics

Persistence mechanisms are techniques used by malware to increase survivability on compromised host systems. For an incident responder, the identification of specific artifacts created by such techniques can provide excellent insight into the function of the malicious code. In fact, these host-based artifacts aid in unraveling the adversary’s methodologies and the subsequent identification of other compromised systems on the network. This presentation will cover both common persistence mechanisms, such as modified registry keys, Windows service persistence and other methods seen in past campaigns, and newer techniques from malware hitting today’s enterprises. Also during this hour, several tools useful in isolating and identifying persistence indicators will be introduced. This session covers key skills needed on effective security teams and is a “must attend” webcast for those working in the IR profession.

Published 07 March 2015