This article has been indexed from Blog – crowdstrike.com
In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog […]
Read the original article: Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations