Infection Vectors

To detect malware on a Windows system, an investigator must first understand how malware gets on a system and what it does once it has been activated on that system. The path used to get malware on a system, or the “infection vector,” can be something as simple as a diskette or CD-ROM. In the days before Internet connections were as pervasive as they are today, one particular infection vector for viruses was file exchange by diskette. Users would get files from one system and copy them to a diskette. If the file or files were infected with a virus, then when the diskette was placed in the drive of another system and the files copied to that system, the virus would be copied as well. This was the case particularly with Microsoft ...
