DFIR Dudes
Yet another DFIR blog, authored by Martin Korman & Hadar Yudovich
Latest
AmCache is not alone; Using .WER files to hunt evil
TL;DR — Starting with Windows 10, most *.WER files include the process’ hash, which can be used for hunting in the same way that AmCache is…
Martin Korman
Jun 26, 2019