When will CQForensic save you?
CQForensic can build an attack timeline, extract information from the USN journal, recover files (also from the MFT), decrypt users' and the system's stored secrets (like encrypted data), extract information from Prefetch and the Remote Desktop Session cache, and extract information from the configuration of tools used for administration.
With CQ Tools you can find out what the information gathering process looks like step by step and how to extract information from memory dumps, including the PowerShell commands.
Moreover, it contains a toolkit for memory analysis and can extract information from memory dumps. Our biggest tool, CQKawaii, implements custom-made machine learning algorithms to extract anomalies from large logs.
This handy toolkit was presented by Paula during the Arsenal session at Black Hat 2020.
What is Black Hat?
For more than 20 years, Black Hat has inspired professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors.
During the event, you have a chance to participate in training classes, Arsenal Sessions, Briefings, and Review Boards. The Black Hat 2020 edition was unlike any other, as we took it online. Even so, engagement, enthusiasm, and intensity increased.
One thing hasn’t changed, though: CQURE’s Team gave its best, not only during the Arsenal Session but also during other training:
- Systems Forensics and Incident Handling
- Advanced Hacking and Securing Windows Infrastructure
Thank you for joining Black Hat USA 2020 Arsenal Session hosted by Paula Januszkiewicz and Mike Jankowski-Lorek! Liked our session? Or maybe missed it? No worries, below you will find a summary, together with the slides and tools.
Find the presentation slides HERE.