The most popular way to hack someone these days leaves absolutely zero evidence behind for the police to find.
April 3, 2026
Original Paper
Forensic Visibility Gaps in Fileless Malware Incidents: An Empirical Analysis of Artefact Survival Rates Across 49 Confirmed Intrusions
SSRN · 6510713
The Takeaway
Cybersecurity frameworks assume that hackers leave a digital paper trail, but this study shows that trail is often non-existent for the most common hacks. Our current security tools are essentially blind to the very techniques being used in half of all major intrusions.
From the abstract
Fileless and living-off-the-land (LOTL) intrusions now dominate advanced threat activity, but no prior study has measured which forensic artefact types actually survive when these techniques are used in confirmed real-world incidents. We coded 49 intrusions extracted from 56 CISA cybersecurity advisories (2020–2024) across 13 fileless technique variables and 8 forensic artefact categories. The results expose three systemic forensic blindspots. WMI persistence appeared in 46.9% of incidents, yet