YoVDO

Forensicating Windows Artifacts - Investigation Without Event Logs

Offered By: Security BSides London via YouTube

Tags

Security BSides Courses
Digital Forensics Courses
Incident Response Courses

Course Description

Overview

Explore Windows artifact forensics techniques for investigating security incidents without relying on event logs. Learn about crucial artifacts like prefetch files, registry keys, link files, browser artifacts, and shell bags. Discover tools and methods used by SOC professionals, incident responders, and digital forensics investigators to uncover attacker activities even when logs are wiped. Gain insights into analyzing prefetch files with WinPrefetchView, examining thumbcache data, interpreting shell bags and jump lists, and leveraging Windows Registry information for comprehensive investigations.

Syllabus

Intro
Agenda: Windows Artifacts
Windows Artifacts!!
Prefetch: WinPrefetchView
Thumbcache (thumbs.db)
Shell Bag
Jump List: App IDs
Jumplist: Example
Windows Registry
THANK YOU FOR LISTENING.


Taught by

Security BSides London
