Deleted Evidence - Fill in the Map to Luke Skywalker
Offered By: YouTube
Course Description
Overview
Explore advanced digital forensics techniques for recovering deleted attacker files in this 52-minute conference talk from Bloomcon 2017. Delve into the intricacies of NTFS metadata files, including $MFT and $I30, and learn about special cases such as SDELETE. Examine file system artifacts, Windows Defender's role in APT29 investigations, and leverage the Application Compatibility Cache and Windows Prefetch for enhanced evidence recovery. Gain valuable insights into the causes of file deletion and discover effective strategies for reconstructing digital crime scenes.
Syllabus
Intro
Introductions
Causes of File Deletion
Recovering Deleted Attacker Files
NTFS Metadata Files: $MFT
NTFS Metadata Files: $I30
Special Case - SDELETE
File System Files
Windows Defender - APT29 Case Study
Application Compatibility Cache
Windows Prefetch
Final Thoughts 2