There are a lot of folks with different skill sets and specialties involved in targeted threat analysis and threat intel collection and dissemination. There are a lot of researchers with specific skill sets in network traffic analysis, malware reverse engineering, etc.
One of the benefits I find in host-based analysis is that the disk is one of the least volatile of the data sources.
More here: http://windowsir.blogspot.com/2014/07/random-stuff.html