Investigating Windows Subsystem for Linux - WSL Endpoints

Explore the forensic implications of Windows Subsystem for Linux (WSL) in this 23-minute conference talk from OSDFCon 2020. Delve into the architecture changes introduced with WSL 2 and their impact on digital forensics and incident response. Learn about the growing interest in WSL among organizations and industry professionals, as well as the increasing focus of adversaries and malware authors on this technology. Discover key forensic artifacts and investigative techniques for compromised WSL endpoints, covering 10 unique attacker techniques including execution, persistence, lateral movement, command and control, and exfiltration. Gain insights from speaker Asif Matadar, Director of Endpoint Detection & Response at Tanium, who brings extensive experience in incident response, endpoint forensics, and threat landscape analysis to high-profile clients worldwide.