These Artifacts Aren't Fiction
Offered By: YouTube
Course Description
Overview
Explore a conference talk on digital forensics and artifact analysis, focusing on the Windows SRUM database, web browser artifacts, and PowerShell. Learn about data preservation methodology, network resource usage, and investigation tooling. Discover techniques for analyzing memory dumps, parsing history artifacts, and collecting PowerShell artifacts. Gain insights into system time manipulation, file hashing, and less volatile network artifacts. Understand the importance of execution policy settings, clipboard data, auto-runs, and tasks in forensic investigations. Acquire practical tips and tricks for effective PowerShell usage in digital forensics.
Syllabus
Intro
Introducing: Matt Scheurer
Data Preservation Methodology
The Windows SRUM Database
Useful SRUM Data
Network Resource Usage
SRUM Database Conclusions
Web Browser Artifacts
Investigation Tooling
Artifact Sources
Memory Dumps
Example History Artifact Paths
History Parsed Example 4/4
Download Parsed Example 1/2
PowerShell Artifacts Collection
Objectives
Warning!
PowerShell Logging
PowerShell Version
PowerShell Pro Tip!
System Time
Hashing Files
Less Volatile Network Artifacts
Execution Policy Settings
Clipboard, Auto-runs, and Tasks
Host Details
The Open Files Conundrum
More PowerShell Tips & Tricks
Thank you for attending!
Related Courses
Foundations of Computer Science for Teachers (The University of Texas at Austin via edX)
Computer Forensics (Rochester Institute of Technology via edX)
FinTech Security and Regulation (RegTech) (The Hong Kong University of Science and Technology via Coursera)
Cyber Security (CEC via Swayam)
Fundamentos de Ciberseguridad: un enfoque práctico (Inter-American Development Bank via edX)