Anyone know any good links/FAQs for tracking down a virus entry point? Had two Cryptolocker instances in less than a week, and I'm trying to determine whether it was email or website, and which one. I did get approval to quarantine all zip and rar attachments for now, but would like to prove that it did come in through email so that we can hopefully make this permanent.
I have one computer that was unfortunately powered off, so I couldn't capture the memory, but it hasn't been touched other than that. Was able to live boot Kali and dig through the registry and find most of the Cryptolocker keys, so it looks like it is still intact.
The other one the desktop support guys did a system restore so it's about worthless now.
I'm more familiar with the network/firewall side of things and don't have as much exposure to virus stuff, so any tips/info would be appreciated.
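One way to start the correlation this post is asking for, added here as an example and not code from the original post: take the infection time recovered from the surviving machine (for instance the write time of the malware's registry keys) and walk a mail-gateway log for archive attachments delivered to the affected user in the window just before it. The log line format, addresses, timestamps and the two-hour lookback are all constructed assumptions; a real gateway's log would need its own regex.

```python
"""Correlate a mail-gateway log with a known infection time to shortlist
candidate email entry points (constructed example, not the poster's tooling)."""
import re
from datetime import datetime, timedelta

# Constructed sample log lines; the line format is an assumption and does not
# mimic any particular mail gateway.
SAMPLE_MAIL_LOG = """\
2013-10-14 08:02:11 from=vendor@example.com to=jdoe@corp.example subject="Invoice 4471" attach=invoice_4471.pdf
2013-10-14 08:15:40 from=billing@example.net to=jdoe@corp.example subject="Your statement" attach=statement.zip
2013-10-14 09:03:05 from=hr@corp.example to=jdoe@corp.example subject="Benefits" attach=benefits.docx
2013-10-14 09:41:27 from=fax@example.org to=asmith@corp.example subject="New fax" attach=fax_00213.rar
2013-10-14 07:50:00 from=news@example.com to=jdoe@corp.example subject="Newsletter" attach=-
"""

# The attachment types the post says are now being quarantined.
ARCHIVE_EXTS = {".zip", ".rar"}

LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'from=(?P<sender>\S+) to=(?P<rcpt>\S+) '
    r'subject="(?P<subject>[^"]*)" attach=(?P<attach>\S+)$'
)


def parse_mail_log(text):
    """Parse log text into dicts with a datetime 'ts'; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry["ts"] = datetime.strptime(entry["ts"], "%Y-%m-%d %H:%M:%S")
        entries.append(entry)
    return entries


def has_archive_attachment(filename):
    """True if the attachment name ends in one of the quarantined extensions."""
    lowered = filename.lower()
    return any(lowered.endswith(ext) for ext in ARCHIVE_EXTS)


def candidate_emails(entries, victim, infection_time, lookback=timedelta(hours=2)):
    """Archive-carrying mails delivered to `victim` in [infection_time - lookback, infection_time].

    Result is ordered most recent first, since the last archive opened before
    the registry keys appeared is the strongest lead.
    """
    window_start = infection_time - lookback
    hits = [
        e for e in entries
        if e["rcpt"] == victim
        and window_start <= e["ts"] <= infection_time
        and has_archive_attachment(e["attach"])
    ]
    hits.sort(key=lambda e: e["ts"], reverse=True)
    return hits


def demo():
    """Run the correlation on the constructed log with a constructed infection time."""
    # Constructed: the time the malware's registry keys were written on the
    # surviving machine, as recovered from its offline registry hives.
    infected_at = datetime(2013, 10, 14, 9, 30, 0)
    return candidate_emails(parse_mail_log(SAMPLE_MAIL_LOG), "jdoe@corp.example", infected_at)


if __name__ == "__main__":
    for e in demo():
        print(e["ts"], e["sender"], repr(e["subject"]), e["attach"])
```

On the constructed data this narrows five messages to the one zip delivered to the victim inside the window; the rar sent to a different user after the infection time is correctly excluded. Cross-checking the shortlisted message against the user's mail client cache and the file's presence in the browser or mail download folder on the intact machine is what turns a lead into the proof the post is after.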