YoVDO

Forensicating Windows Artifacts - Investigation Without Event Logs

Offered By: Security BSides London via YouTube

Tags

Security BSides Courses Digital Forensics Courses Incident Response Courses

Course Description

Overview

Explore Windows artifact forensics techniques for investigating security incidents without relying on event logs. Learn about crucial artifacts like prefetch files, registry keys, link files, browser artifacts, and shell bags. Discover tools and methods used by SOC professionals, incident responders, and digital forensics investigators to uncover attacker activities even when logs are wiped. Gain insights into analyzing prefetch files with WinPrefetchView, examining thumbcache data, interpreting shell bags and jump lists, and leveraging Windows Registry information for comprehensive investigations.

Syllabus

Intro
Agenda: Windows Artifacts
Windows Artifacts!!
Prefetch: WinPrefetchView
Thumbcache (thumbs.db)
Shell Bag
Jump List: App IDs
Jumplist: Example
Windows Registry
THANK YOU FOR LISTENING.


Taught by

Security BSides London

Related Courses

Early Detection through Deception
YouTube Hack for Show, Report for Dough - Brian King
YouTube Blue Teamin on a Budget of Zero - Kyle Bubp
YouTube Windows Event Logs - Zero to Hero
YouTube Weaponizing Splunk - Using Blue Team Tools for Evil
YouTube