This study provides a comprehensive forensic analysis of a network-based ransomware attack using a digital forensics approach. Through a qualitative case study, we reconstructed a cyber incident that targeted corporate infrastructure, from the initial entry point to its final impact. The research methodology involved the acquisition of both volatile and static data, followed by in-depth analysis of various digital artifacts, including Windows Event Logs, the system registry, disk images, and memory dumps. Key findings indicate that the attack began with the exploitation of an RDP vulnerability, followed by lateral movement, the disabling of security features, and data exfiltration before the encryption process. The network forensics analysis confirmed the attackers' use of a double extortion tactic. This research underscores the critical importance of an integrated forensic approach (host, network, and memory) to obtain a complete picture of such a complex attack. The study's conclusions not only offer insights into the attackers' TTPs (Tactics, Techniques, and Procedures) but also provide strategic recommendations for strengthening an organization's cybersecurity posture in the future.
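The host-and-network timeline reconstruction the abstract describes can be sketched in code. The example below is added here and is not from the study: it classifies a handful of constructed, pre-parsed Windows Event Log and flow records into the attack phases named above (RDP entry, lateral movement, disabling security features, exfiltration, encryption) and checks whether exfiltration preceded encryption, the tell-tale of double extortion. Event IDs 4624, 1102, 4663 and Defender 5001 are real; the hosts, addresses, the 1 GB exfiltration threshold and the `.locked` extension are assumptions.

```python
from datetime import datetime

# Constructed sample records (not from the study), already normalised to dicts.
RECORDS = [
    {"ts": "2025-03-01T01:12:00", "host": "FS01", "id": 4624, "logon_type": 10,
     "user": "svc_backup", "src": "203.0.113.9"},       # RDP logon from outside
    {"ts": "2025-03-01T01:40:00", "host": "DC01", "id": 4624, "logon_type": 3,
     "user": "svc_backup", "src": "10.0.0.21"},         # network logon to another host
    {"ts": "2025-03-01T02:05:00", "host": "FS01", "id": 5001},  # Defender real-time off
    {"ts": "2025-03-01T02:30:00", "host": "FS01", "flow": True,
     "dst": "198.51.100.7", "bytes_out": 38_000_000_000},       # large outbound flow
    {"ts": "2025-03-01T03:10:00", "host": "FS01", "id": 1102},  # audit log cleared
    {"ts": "2025-03-01T03:15:00", "host": "FS01", "id": 4663,
     "object": "Q3.xlsx.locked"},                               # encrypted file written
]

INTERNAL = "10."                 # assumed internal address range prefix
EXFIL_BYTES = 1_000_000_000      # assumed threshold: 1 GB to one external host
ENC_EXT = ".locked"              # assumed ransomware extension (placeholder)

def classify(r):
    """Map one record to an attack phase, or None if it is not of interest."""
    if r.get("flow"):
        external = not r["dst"].startswith(INTERNAL)
        return "exfiltration" if external and r["bytes_out"] >= EXFIL_BYTES else None
    if r["id"] == 4624 and r["logon_type"] == 10 and not r["src"].startswith(INTERNAL):
        return "initial_access_rdp"       # interactive remote logon from outside
    if r["id"] == 4624 and r["logon_type"] == 3 and r["src"].startswith(INTERNAL):
        return "lateral_movement"         # network logon between internal hosts
    if r["id"] == 5001:
        return "defense_evasion"          # Defender real-time protection disabled
    if r["id"] == 1102:
        return "anti_forensics"           # Security log cleared
    if r["id"] == 4663 and r["object"].endswith(ENC_EXT):
        return "encryption"
    return None

def build_timeline(records):
    """Chronological (timestamp, host, phase) tuples for recognised records."""
    ordered = sorted(records, key=lambda r: datetime.fromisoformat(r["ts"]))
    return [(r["ts"], r["host"], ph) for r in ordered if (ph := classify(r))]

def double_extortion(timeline):
    """True when exfiltration is observed before the first encryption artifact."""
    phases = [p for _, _, p in timeline]
    if "exfiltration" not in phases or "encryption" not in phases:
        return False
    return phases.index("exfiltration") < phases.index("encryption")
```

On real data the same functions would be fed records parsed from EVTX and flow exports rather than the inline list.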
Copyright © 2025