CyberTriage - Coggle Diagram
CyberTriage

Central question: Is this computer compromised?
  - Not looking for the root cause
  - How badly? Have I seen this before?

Malicious system changes?
  - To reduce detection or attribution?
    - Modified auditing
    - Disabled firewall
  - Persistence
    - Local account creation
    - Enabling remote access
    - File sharing to exfiltrate
  - Patching so others can't get in?
  - Disabling OS updates
  - Scheduled tasks
  - Preventing system recovery, e.g. disabling Volume Shadow Copies

Malicious programs found?
  - Autoruns / startup items?

Malicious running processes?

Remnants of malicious processes?
  - Files
  - DNS cache
  - Execution history

Suspicious user activity?
  - Logons
    - Logins from abnormal locations
    - Abnormal login times
  - Strange things?
    - Abnormal programs ran?
    - Folder accesses that were not supposed to happen
    - zip, tar, etc. files created?
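The diagram lists the questions a triage pass asks but not how to answer them from evidence. The following is an added example, not part of the Coggle diagram, showing how several of its branches (modified auditing, disabled firewall, persistence via account creation and scheduled tasks, disabled Volume Shadow Copies, archive creation, and logons from abnormal locations or at abnormal times) can be answered by walking exported Windows Security events once. The event IDs are the real Security-log IDs; every event value, the 10.0.0.0/8 baseline network and the 08:00-18:00 working hours are constructed assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample: Windows Security events exported to dicts. The event IDs are the
# real Security-log IDs (4624 logon, 4688 process creation, 4698 scheduled task created,
# 4719 audit policy changed, 4720 user account created, 1102 log cleared); every value
# (users, IPs, times, command lines) is invented for this example.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Time": "2024-03-04T09:12:00", "User": "alice", "LogonType": 2, "IpAddress": "10.0.5.21"},
    {"EventID": 4624, "Time": "2024-03-05T03:41:00", "User": "alice", "LogonType": 10, "IpAddress": "185.220.101.7"},
    {"EventID": 4720, "Time": "2024-03-05T03:44:00", "User": "alice", "TargetUser": "svc_backup2"},
    {"EventID": 4698, "Time": "2024-03-05T03:46:00", "User": "alice", "TaskName": r"\Microsoft\Windows\Updater"},
    {"EventID": 4719, "Time": "2024-03-05T03:47:00", "User": "alice", "Category": "Logon/Logoff"},
    {"EventID": 4688, "Time": "2024-03-05T03:50:00", "User": "alice", "CommandLine": "vssadmin delete shadows /all /quiet"},
    {"EventID": 4688, "Time": "2024-03-05T03:52:00", "User": "alice", "CommandLine": "netsh advfirewall set allprofiles state off"},
    {"EventID": 4688, "Time": "2024-03-05T03:55:00", "User": "alice", "CommandLine": r"7z a C:\Users\Public\out.zip C:\Finance"},
    {"EventID": 1102, "Time": "2024-03-05T03:58:00", "User": "alice"},
]

# Assumed baseline for this host: internal address space and normal working hours.
BASELINE_NETWORKS = [ip_network("10.0.0.0/8")]
WORK_HOURS = (8, 18)  # logons expected between 08:00 and 18:00 local time

# Event IDs that answer a mind-map question directly.
EVENT_ID_CHECKS = {
    4720: ("Persistence", "local account created: {TargetUser}"),
    4698: ("Persistence", "scheduled task created: {TaskName}"),
    4719: ("Modified auditing", "audit policy changed ({Category})"),
    1102: ("Modified auditing", "Security event log cleared"),
}

# Process command lines that implement a "malicious system change" or stage exfiltration.
COMMAND_PATTERNS = {
    "Preventing system recovery": re.compile(
        r"vssadmin\s+delete\s+shadows|wmic\s+shadowcopy\s+delete|bcdedit.*recoveryenabled\s+no", re.I),
    "Disabled firewall": re.compile(
        r"netsh\s+advfirewall.*state\s+off|Set-NetFirewallProfile.*-Enabled\s+False", re.I),
    "Archive files created": re.compile(r"\.(zip|7z|rar|tar|tgz)\b", re.I),
}


def triage(events, baseline=BASELINE_NETWORKS, work_hours=WORK_HOURS):
    """Walk the events once and bucket findings under the mind map's questions."""
    findings = defaultdict(list)
    for ev in events:
        eid = ev["EventID"]
        when = datetime.fromisoformat(ev["Time"])
        stamp = f"{when:%Y-%m-%d %H:%M}"
        if eid in EVENT_ID_CHECKS:
            branch, template = EVENT_ID_CHECKS[eid]
            findings[branch].append(f"{stamp} {template.format(**ev)}")
        elif eid == 4688:
            cmd = ev.get("CommandLine", "")
            for branch, pattern in COMMAND_PATTERNS.items():
                if pattern.search(cmd):
                    findings[branch].append(f"{stamp} {cmd}")
        elif eid == 4624:
            ip = ev.get("IpAddress", "-")
            # "-" is what the log carries for local logons, so only remote sources are tested.
            if ip != "-" and not any(ip_address(ip) in net for net in baseline):
                findings["Logins from abnormal locations"].append(
                    f"{stamp} {ev['User']} logon type {ev['LogonType']} from {ip}")
            if not (work_hours[0] <= when.hour < work_hours[1]):
                findings["Abnormal login times"].append(f"{stamp} {ev['User']} logon")
    return dict(findings)


def is_compromised(findings):
    """The mind map's central question, answered crudely: any finding at all."""
    return any(findings.values())


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    print("Compromised?", is_compromised(result))
    for question, hits in result.items():
        print(f"\n{question}")
        for hit in hits:
            print("  -", hit)
```

The output groups hits under the same headings as the diagram, so the analyst reads it top to bottom the way the mind map is meant to be used: the "Modified auditing" bucket is checked first, because a cleared log or changed audit policy means every other bucket is probably incomplete. The checks are deliberately coarse (any remote logon from outside the baseline, any archive extension in a command line); they are triage, not root-cause analysis, which matches the diagram's own caveat.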