Digital footprints are slightly more elusive than the traces Goldilocks left for the bears - while numerous locations exist for discovering post-act evidence, many of them aren’t as straight forward as we’d expect them to be. some are not turned on by default, or can be turned on yet impact performance. moreover, many are hardly (or not at all) documented, and above all - correlating them can become a challenging integration task. Join us for a fun dive into the pool of unusual audits, from specific actions inside office documents through hiding file streams and who did what when, covering several tools and open source scripts, some written especially for this session and will be shared for both Red and Blue teams - as we show you how to hide your trails and evade detection, and “at the same breath” - how to uncover those bread crumbs;)
