Marcel Afrahim

Incident Analysis with Endpoint Forensics

Blog Post created by Marcel Afrahim Employee on Jan 27, 2019

Hey there CheckMates!


We have recently published a blog post titled Check Point Forensic Files: GandCrab Returns with Friends (Trojans), which looks at the recent spread of a GandCrab ransomware variant and how it would look from the SandBlast Agent point of view. While the attack and the partnership of trojans and ransomware are interesting, the real aim here was to showcase how to use Forensics Reports generated by SBA protections in order to do analysis and assess activity or any damage that the incident might have caused.


We'd love to hear your feedback about the blog post and the overhauled Forensics Reports, and whether you would like to see any additional info in the reports.