YoVDO

Deleted Evidence - Fill in the Map to Luke Skywalker

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Digital Forensics Courses

Course Description

Overview

Explore advanced digital forensics techniques for recovering deleted attacker files in this 52-minute conference talk from Bloomcon 2017. Delve into the intricacies of NTFS metadata files, including $MFT and $I30, and learn about special cases like SDELETE. Examine file system artifacts, Windows Defender's role in APT29 investigations, and leverage the Application Compatibility Cache and Windows Prefetch for enhanced evidence recovery. Gain valuable insights into the causes of file deletion and discover effective strategies for reconstructing digital crime scenes.

Syllabus

Intro
Introductions
Causes of File Deletion
Recovering Deleted Attacker Files
NTFS Metadata Files: $MFT
NTFS Metadata Files: $I30
Special Case - SDELETE
FileSystemFiles
Windows Defender - APT29 Case Study
Application Compatibility Cache
Windows Prefetch
Final Thoughts 2


Related Courses

Foundations of Computer Science for Teachers
The University of Texas at Austin via edX
Computer Forensics
Rochester Institute of Technology via edX
FinTech Security and Regulation (RegTech)
The Hong Kong University of Science and Technology via Coursera
Cyber Security
CEC via Swayam
Fundamentos de Ciberseguridad: un enfoque práctico
Inter-American Development Bank via edX