Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Fox IT
DECEMBER 13, 2023
Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defender quarantine folder that can be used for digital forensics and incident response. Skip to the end if you are interested in the results rather than the technical details of reverse engineering Windows Defender.
Let's personalize your content