Posts tagged "triage"

• What is DFIR triage? (glossary)

  DFIR triage is the rapid first-pass examination of a suspected-compromised host to confirm or rule out a compromise within minutes. Amcache is one of the fastest triage artefacts on Windows.

  2026-05-24

• Hunting commodity malware with Amcache

  A practical Amcache-first triage playbook for commodity malware on Windows endpoints — the filters that surface attacker tooling, the pivots that confirm execution, and the cross-host queries that scope the incident.

  2026-05-24