Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
A fresh white paper was released by FireEye. It’s “Windows Management Instrumentation (WMI) Offense, Defense, and Forensic” by William Ballenthin, Matt Graeber and Claudiu Teodorescu.
Here is the introduction:
As technology is introduced and subsequently deprecated over time in the Windows operating system, one powerful technology that has remained consistent since Windows NT 4.01 and Windows 952 is Windows Management Instrumentation (WMI). Present on all Windows operating systems, WMI is comprised of a powerful set of tools used to manage Windows systems both locally and remotely.
While it has been well known and utilized heavily by system administrators since its inception, WMI became popular in the security community when it was found to be used by Stuxnet3. Since then, WMI has been gaining popularity amongst attackers for its ability to perform system reconnaissance, anti-virus and virtual machine (VM) detection, code execution, lateral movement, persistence, and data theft.
As attackers increasingly utilize WMI, it is important for defenders, incident responders, and forensic analysts to have knowledge of WMI and to know how they can wield it to their advantage. This whitepaper introduces you to WMI, demonstrates actual and proof-of-concept attacks using WMI, shows how WMI can be used as a rudimentary intrusion detection system (IDS), and presents how to perform forensics on the WMI repository file format.
Save my name, email, and website in this browser for the next time I comment.
Speak to a Specialist Now