Creating a Secondary Baseline and Conducting Comparison

CYBRScore

In this lab, you will gain hands-on experience running WFT (Windows Forensic Toolchest) on a suspected compromised system, comparing the results against a previously created baseline using KDiff3, and determining whether any new services, programs, or accounts were created that are indicative of intrusion activity.

Time: 1 hour
Difficulty: Intermediate
