YoVDO

Forensicating Windows Artifacts - Investigation Without Event Logs

Offered By: Security BSides London via YouTube

Tags

Security BSides Courses Digital Forensics Courses Incident Response Courses

Course Description

Overview

Explore Windows artifact forensics techniques for investigating security incidents without relying on event logs. Learn about crucial artifacts like prefetch files, registry keys, link files, browser artifacts, and shell bags. Discover tools and methods used by SOC professionals, incident responders, and digital forensics investigators to uncover attacker activities even when logs are wiped. Gain insights into analyzing prefetch files with WinPrefetchView, examining thumbcache data, interpreting shell bags and jump lists, and leveraging Windows Registry information for comprehensive investigations.

Syllabus

Intro
Agenda: Windows Artifacts
Windows Artifacts!!
Prefetch: WinPrefetchView
Thumbcache (thumbs.db)
Shell Bag
Jump List: App IDs
Jumplist: Example
Windows Registry
THANK YOU FOR LISTENING.


Taught by

Security BSides London

Related Courses

Information Security Management in a Nutshell
SAP Learning Identifying, Monitoring, and Analyzing Risk and Incident Response and Recovery
(ISC)² via Coursera Enterprise Security Fundamentals
Microsoft via edX Planning a Security Incident Response
Microsoft via edX Introduction to Cybersecurity
Udacity