POA Forensics
A. Information Gathering:
1) Investigation requirement (what the investigation is expected to establish).
2) Exact timeline of the infection detection.
3) Logs from the infected device:
   - Event logs
   - Firewall logs
   - EDR/AV logs
4) In case of a server, additionally:
   - Server logs
   - Firewall logs
   - Application logs
   - WAF logs
B. Steps of Investigation:
1) To identify suspicious communication over the network, start by examining the
firewall logs, proxy logs and network traffic logs.
2) From that analysis, determine which communications go outside the business
domain on suspicious (unexpected) ports.
3) From these logs, list all the suspicious domains/IP addresses and validate them on
threat intelligence platforms.
4) This will help identify whether any C2 communication is present.
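The steps above, worked through as an added example (not part of the original POA): it parses constructed firewall log lines, keeps only flows leaving the assumed business range on ports outside an assumed allow-list, and validates each candidate destination against a constructed stand-in for a threat-intel lookup, counting repeat connections as a beaconing hint. Log format, ranges, ports and the intel table are all assumptions made up for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample firewall log lines (not from any real device).
# Field order assumed: timestamp action src_ip dst_ip dst_port proto
FIREWALL_LOG = """\
2024-03-01T09:00:01Z ALLOW 10.0.5.23 10.0.1.10 445 tcp
2024-03-01T09:00:07Z ALLOW 10.0.5.23 203.0.113.77 8443 tcp
2024-03-01T09:01:12Z ALLOW 10.0.5.23 198.51.100.9 443 tcp
2024-03-01T09:01:40Z ALLOW 10.0.5.23 203.0.113.77 8443 tcp
2024-03-01T09:02:03Z DENY 10.0.5.23 192.0.2.200 4444 tcp
2024-03-01T09:02:55Z ALLOW 10.0.5.23 203.0.113.77 8443 tcp
"""
# Assumed business-owned range; any other destination is "outside the business domain".
BUSINESS_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed ports a workstation normally reaches externally; anything else is suspicious.
EXPECTED_PORTS = {80, 443, 53}
# Constructed stand-in for a threat-intel platform (a real check would query the platform).
THREAT_INTEL = {"203.0.113.77": "known C2 (constructed sample)"}

LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+) (\S+) (\d+) (\S+)$")

def parse(log):
    """Step 1: yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, action, src, dst, port, proto = m.groups()
            yield {"ts": ts, "action": action, "src": src, "dst": dst,
                   "port": int(port), "proto": proto}

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in BUSINESS_NETS)

def suspicious_external(log):
    """Step 2: flows to non-business addresses on unexpected ports, grouped by destination.
    DENY entries are kept too: a blocked attempt is still evidence of the connection try."""
    hits = defaultdict(list)
    for ev in parse(log):
        if is_external(ev["dst"]) and ev["port"] not in EXPECTED_PORTS:
            hits[ev["dst"]].append(ev)
    return dict(hits)

def enrich(hits, intel):
    """Steps 3-4: validate each candidate against the intel source; repeat count hints at beaconing."""
    return {dst: {"count": len(evs), "ports": sorted({e["port"] for e in evs}),
                  "intel": intel.get(dst, "no match")} for dst, evs in hits.items()}
```

Run `enrich(suspicious_external(FIREWALL_LOG), THREAT_INTEL)` to get the per-destination verdicts; the internal SMB flow and the plain 443 flow are filtered out before the intel check.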