Webinar: Incident investigations with Belkasoft
The Incident Investigations module is a relatively new module designed to help users investigate hacking attempts against Windows-based computers. By analyzing several sources, such as registry entries, event logs, and memory dumps, it can find traces of attacks, which typically correspond to the techniques attackers use to penetrate a company's IT infrastructure.
Belkasoft Evidence Center examines many artifacts stored in Amcache, Shimcache, Syscache, BAM/DAM, and AppInit DLLs; BEC reviews changes in default file associations, scheduled tasks, remote connections (RDP, Remote Connection, TeamViewer, and others), startup tasks, browser extensions, and so on; Belkasoft also detects suspicious connections and scripts.
In this webinar, you will learn:
- What is the cyber kill chain and how Belkasoft utilizes it
- Where the artifacts worth examining are located on BEC's interface
- How to use Timeline Viewer, File System Explorer, and other BEC viewers more effectively
- Why WMI connections are so important in Incident Response