Skip to content

Sniper Incident Response – Where did they go?

Where did they go? This question is all about lateral movement and knowing the scope of the infection. Windows systems have several artifacts that we can quickly triage to see which systems were accessed. These artifacts range from registry entries to event logs. The Sniper IR framework has some key artifacts to check for quick wins.