Windows Forensics is really complicated. That’s ok though because we are hardcore. I want to break this down into multiple areas. First, we will look for evidence of execution. After execution, we will look for persistence.
If done correctly, you should be able to analyze an EDR alert from pretty much any provider.
Please submit topics you’d like to discuss to Hardcorecybersecurity@proton.me