Notes on Evidence of Exfiltration - davepo/AKA GitHub Wiki
Evidence of Exfiltration
Document Incomplete - Notes not yet added
Notes on items to consider when investigating evidence of exfiltration. This is not an all-encompassing list and is presented in no particular order.
Compression
- Evidence of execution of compression tools (e.g. 7-Zip)
Clustering
- Clustering of unrelated or high-value files in an abnormal location.
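As an added example (not part of the wiki notes), the following checks both indicators above against constructed endpoint telemetry: executions of known compression tools in a process log, and directories outside the expected user-data roots that hold a cluster of mixed high-value file types. The tool names, extensions and expected roots are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the original page): process-execution
# events, one per line, and a file inventory of (path, size in bytes).
PROCESS_LOG = """\
2024-05-01 09:14:02 host1 user=alice image=C:\\Windows\\explorer.exe cmd="explorer.exe"
2024-05-01 21:47:10 host1 user=alice image=C:\\Program Files\\7-Zip\\7z.exe cmd="7z.exe a C:\\Windows\\Temp\\stage\\q.7z D:\\Finance\\*"
2024-05-01 21:49:33 host1 user=alice image=C:\\Windows\\System32\\notepad.exe cmd="notepad.exe notes.txt"
"""

FILE_INVENTORY = [
    ("C:\\Users\\alice\\Documents\\budget.xlsx", 120_000),
    ("C:\\Windows\\Temp\\stage\\payroll.xlsx", 98_000),
    ("C:\\Windows\\Temp\\stage\\contracts.pdf", 2_400_000),
    ("C:\\Windows\\Temp\\stage\\customers.db", 51_000_000),
    ("C:\\Windows\\Temp\\stage\\q.7z", 40_000_000),
    ("C:\\Windows\\Temp\\setup.log", 3_000),
]

# Assumed watchlists: archiver binaries, file types worth protecting, and the
# directory roots where user data is expected to live (anything else is "abnormal").
COMPRESSION_TOOLS = {"7z.exe", "7za.exe", "winrar.exe", "rar.exe", "tar.exe"}
HIGH_VALUE_EXT = {".xlsx", ".docx", ".pdf", ".db", ".pst", ".7z", ".zip"}
EXPECTED_ROOTS = ("c:\\users\\", "d:\\finance\\")

def compression_events(log_text):
    """Return (timestamp, user, command line) for each execution of a known compression tool."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r'^(\S+ \S+) \S+ user=(\S+) image=(.+?) cmd="(.*)"$', line)
        if not m:
            continue
        ts, user, image, cmd = m.groups()
        if image.rsplit("\\", 1)[-1].lower() in COMPRESSION_TOOLS:
            hits.append((ts, user, cmd))
    return hits

def clustered_dirs(inventory, min_files=3):
    """Directories outside EXPECTED_ROOTS holding >= min_files high-value files of mixed types."""
    by_dir = defaultdict(list)
    for path, _size in inventory:
        folder, name = path.rsplit("\\", 1)
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in HIGH_VALUE_EXT and not path.lower().startswith(EXPECTED_ROOTS):
            by_dir[folder].append(ext)
    # Require several files AND more than one file type: unrelated data gathered together.
    return {d: sorted(set(e)) for d, e in by_dir.items()
            if len(e) >= min_files and len(set(e)) >= 2}
```

Correlating the two results (the archiver run wrote its output into the same staging directory that the inventory flags) is what turns two weak signals into a lead worth following up.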