Incident Investigations with Belkasoft

The Incident Investigations module is a relatively new module designed to help users investigate hacking attempts against Windows-based computers. By analyzing several sources, such as registry entries, event logs, and memory dumps, it can find traces of attacks, which typically correspond to tricks used by hackers to penetrate a company's IT infrastructure.

Belkasoft Evidence Center (BEC) examines many artifacts stored in Amcache, Shimcache, Syscache, BAM/DAM, and AppInit DLLs. BEC reviews changes in default file associations, scheduled tasks, remote connections (RDP, Remote Connection, TeamViewer and others), startup tasks, browser extensions and so on. Belkasoft also detects suspicious connections and scripts.

In this webinar, you will learn:

  • What is the cyber kill chain and how Belkasoft utilizes it
  • Where the artifacts worth examining are located on BEC's interface
  • How to use Timeline Viewer, File System Explorer, and other BEC viewers more effectively
  • Why WMI connections are so important in Incident Response

The webinar will take place on July 14, 2020.

Two time slots are available to suit most time zones around the globe:
1. 11am CEST (Berlin) / 5pm (Singapore) / 7pm (Sydney)
2. 10am PDT (Los Angeles) / 1pm EDT (New York) / 2pm (Rio de Janeiro)

Please sign up below.
