Windows forensic artifacts

•Als PPT, PDF herunterladen•

2 gefällt mir•589 views

Pardhasaradhi ch

Windows Forensic Artifacts http://null.co.in/ http://nullcon.net/ Pardhasaradhi.ch a.k.a babloo 09762310104 [email_address]

http://null.co.in/ http://nullcon.net/ Agenda Introduction Steps of forensics investigation Rules of Forensics investigations Terminology Windows Artifacts Browser artifacts Tools which can be used Evidence gathering Without Tools

http://null.co.in/ http://nullcon.net/ Introduction to Forensics ,[object Object],[object Object],[object Object]

http://null.co.in/ http://nullcon.net/ Steps of Forensics

http://null.co.in/ http://nullcon.net/ Rules of Forensics investigation ,[object Object],[object Object],[object Object],[object Object]

http://null.co.in/ http://nullcon.net/ Terminology C ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

http://null.co.in/ http://nullcon.net/ Windows Artifacts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

http://null.co.in/ http://nullcon.net/ Browser artifacts in Windows Default auto bookmarks location for Firefox C:sers.....ppDataoamingozillairefoxrofiles,,,.default Default location Saved Passwords C:sers..ppDataoamingozillairefoxrofiles6jq0hlt.defaultey3.db C:sers..ppDataoamingozillairefoxrofiles6jq0hlt.defaultignons.Sqllite

http://null.co.in/ http://nullcon.net/ Using a Dump File We can get User details System Activity Almost every thing using third party tools

http://null.co.in/ http://nullcon.net/ Tools Can be used FTK Encase DFF ADDONS Parbens Stegosuite Volatility TZwork sbag

http://null.co.in/ http://nullcon.net/ Without tools How can we extract the data ? USB devices :: HKLMystemontrolset00xnumSBSTOR what Information can be found Vendor ID, Product ID, Revision, Device ID / Serial Number Mounted Devices HKLMystemounted Devices What information can be found This key views each drive connected to the system

http://null.co.in/ http://nullcon.net/ Task manager Event logs Network and performance monitor Task scheduler Windows Update history System files MAC table Commands in cli / Powershell Computer management Regedit Msconfig Prefetch

Thank You Pardhasaradhi.ch 09762310104 www.pardhasaradhi.info [email_address]

Weitere ähnliche Inhalte

Ähnlich wie Windows forensic artifacts

Course Objectives: • Help the student to achieve a broad understanding of the main types of memory forensic data gathering and analysis • Serve as an introduction to low level concepts necessary for a proper understanding of the task of performing memory forensics on Windows, MacOSX and Linux (incl. Android). • Put the student in contact with different memory forensics tools and provide him information on how to use the gathered forensic data to perform a wide range of investigations

2010 2013 sandro suffert memory forensics introdutory work shop - public

2010 2013 sandro suffert memory forensics introdutory work shop - public

2010 2013 sandro suffert memory forensics introdutory work shop - public

Anti-forensics refers to any technique, gadget or software designed to hamper a computer investigation. Achieve Security using Anti Forensics. Anti-forensics Includes: Encryption, stenography, disk cleaning, file wiping. Anti-Forensics mainly for the security purpose.For confidentiality of Information or Securing the Web-Transaction. Smart Criminals are using it to Harden the forensic Investigation.

Anti forensics-techniques-for-browsing-artifacts

Anti forensics-techniques-for-browsing-artifacts

Anti forensics-techniques-for-browsing-artifacts

nullcon 2011 - Penetration Testing a Biometric System

nullcon 2011 - Penetration Testing a Biometric System

nullcon 2011 - Penetration Testing a Biometric System

n|u - The Open Security Community

Windows Threat Hunting

Windows Threat Hunting

Windows Threat Hunting

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

IGedeArieYogantaraSu

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Basic malware analysis

Basic malware analysis

Basic malware analysis

Cysinfo Cyber Security Community

Introduction to Forensics and Steganography by Pardhasaradhi C

Introduction to Forensics and Steganography by Pardhasaradhi C

Introduction to Forensics and Steganography by Pardhasaradhi C

n|u - The Open Security Community

intro to forensics

intro to forensics

intro to forensics

Pardhasaradhi ch

CCleaner and case studies in Cyber Security

CCleaner and case studies in Cyber Security

CCleaner and case studies in Cyber Security

kartikaVashisht

5 howtomitigate

5 howtomitigate

5 howtomitigate

Final viva

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

securityxploded

Cyber&digital forensics report

Cyber&digital forensics report

Cyber&digital forensics report

Digital forensics

Digital forensics

Digital forensics

Adriana Backman

Join Infocyte co-founder and Chief Product Officer, Chris Gerritz, for a two-hour digital forensics and incident response (DFIR) training session. During this presentation, Chris shows participants how to set up Infocyte's managed detection and response (MDR) platform and how to leverage Infocyte to detect, investigate, isolate, and eliminate sophisticated cyber threats. Additionally, Infocyte helps enterprise cyber security teams eliminate hidden IT risks, improve security hygiene, maintain compliance, and streamline security operations—including improving the capabilities of existing endpoint security tools. Using Infocyte's new extensions, participants are encouraged to custom create their own collection (detection and analysis) and action (incident response) extensions.

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Computer forensics

Computer forensics

Computer forensics

computerforensics-140529094816-phpapp01 (1).pdf

computerforensics-140529094816-phpapp01 (1).pdf

computerforensics-140529094816-phpapp01 (1).pdf

Lab Deliverable for Lab nYour NameDate Title: Creating, Using, Removing System Restore Points for Windows 8.1Operating Environment: 1. Operating System: Windows 8.1 Pro 2. Hardware 3. SoftwareDescription: Notes, Warnings, & Restrictions:Resources (Further Reading):Procedures: [First Section Heading & Brief Intro / Explanation] [Step-by-Step] [Second Section Heading & Brief Intro / Explanation] [Step-by-Step] [Last Section Heading & Brief Intro / Explanation] [Step-by-Step] Title:Operating Environment: 1. Hardware 2. SoftwareDescription: Notes, Warnings, & Restrictions:Resources (Further Reading):Procedures: [First Section Heading & Brief Intro / Explanation] [Step-by-Step] [Second Section Heading & Brief Intro / Explanation] [Step-by-Step] [Last Section Heading & Brief Intro / Explanation] [Step-by-Step] Title:Operating Environment: 1. Hardware 2. SoftwareDescription: Notes, Warnings, & Restrictions:Resources (Further Reading):Procedures: [First Section Heading & Brief Intro / Explanation] [Step-by-Step] [Second Section Heading & Brief Intro / Explanation] [Step-by-Step] [Last Section Heading & Brief Intro / Explanation] [Step-by-Step] 1 2 · Week 4 Discussion · Discussion response - your response to the discussion question should be between 150 - 300 words. · Must provide a minimum of at least one (1) reference in your discussion. Discussion Topic Updated Discuss ONE of the following: (Try not replicate other’s answers) e) What is an installment loan? Make sure you are properly citing your source(s) and providing your reference(s) for information you obtain from another source. · Week 4 Lecture (embedded below) · Code of Federal Regulations (eCFR). TITLE 42 Chapter IV Centers for Medicare & Medicaid Services, U.S. Department of Health & Human Services Subchapter G. Standards and Certification. http://www.ecfr.gov/cgi-bin/text-idx?c=ecfr&tpl=/ecfrbrowse/Title42/42cfr483_main_02.tpl · NCSL. (2009). Certificate of Need Programs by State and Service. The National Conference of State Legislatures, Denver CO. · http://www.ncsl.org/issues-research/health/con-certificate-of-need-state-laws.aspx#Regulated · Healthcare accreditation systems: further perspectives on performance measures http://intqhc.oxfordjournals.org/content/23/6/645.full · Week 4 Discussion Discussion Topic Updated Please address all three questions: Article 1.....Regulations for Long Term Care Facilities. A. Identify by name and location and research a Long Term Care Facility that had a regulatory deficiency. -What was the deficiency? -How was the deficiency addressed by the facility? -Were there any penalties involved? Article 2, CON A. From the map choose a state that has CON regulations. B. From that state, identify a hospital/ health system that had project review by CON. C. Describe the project and the outcome of the CON process. Article 3, Accreditation, A. Joint Commission on the Accreditation of Healthcare Organizations (JCAHO)....define their m ...

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Ccleaner

Ähnlich wie Windows forensic artifacts (20)

2010 2013 sandro suffert memory forensics introdutory work shop - public

2010 2013 sandro suffert memory forensics introdutory work shop - public

2010 2013 sandro suffert memory forensics introdutory work shop - public

Anti forensics-techniques-for-browsing-artifacts

Anti forensics-techniques-for-browsing-artifacts

Anti forensics-techniques-for-browsing-artifacts

nullcon 2011 - Penetration Testing a Biometric System

nullcon 2011 - Penetration Testing a Biometric System

nullcon 2011 - Penetration Testing a Biometric System

Windows Threat Hunting

Windows Threat Hunting

Windows Threat Hunting

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009

Basic malware analysis

Basic malware analysis

Basic malware analysis

Introduction to Forensics and Steganography by Pardhasaradhi C

Introduction to Forensics and Steganography by Pardhasaradhi C

Introduction to Forensics and Steganography by Pardhasaradhi C

intro to forensics

intro to forensics

intro to forensics

CCleaner and case studies in Cyber Security

CCleaner and case studies in Cyber Security

CCleaner and case studies in Cyber Security

5 howtomitigate

5 howtomitigate

5 howtomitigate

Final viva

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis

Cyber&digital forensics report

Cyber&digital forensics report

Cyber&digital forensics report

Digital forensics

Digital forensics

Digital forensics

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Infocyte - Digital Forensics and Incident Response (DFIR) Training Session

Computer forensics

Computer forensics

Computer forensics

computerforensics-140529094816-phpapp01 (1).pdf

computerforensics-140529094816-phpapp01 (1).pdf

computerforensics-140529094816-phpapp01 (1).pdf

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Lab Deliverable for Lab nYour NameDateTitle Creating, Using, Remo.docx

Ccleaner

Kürzlich hochgeladen

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Vector Search -An Introduction in Oracle Database 23ai.pptx

Vector Search -An Introduction in Oracle Database 23ai.pptx

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Kürzlich hochgeladen (20)

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Platformless Horizons for Digital Adaptability

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Vector Search -An Introduction in Oracle Database 23ai.pptx

Vector Search -An Introduction in Oracle Database 23ai.pptx

Vector Search -An Introduction in Oracle Database 23ai.pptx

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - The value of a flexible API Management solution for O...

Windows forensic artifacts

1. Windows Forensic Artifacts http://null.co.in/ http://nullcon.net/ Pardhasaradhi.ch a.k.a babloo 09762310104 [email_address]

2. http://null.co.in/ http://nullcon.net/ Agenda Introduction Steps of forensics investigation Rules of Forensics investigations Terminology Windows Artifacts Browser artifacts Tools which can be used Evidence gathering Without Tools

3.

4. http://null.co.in/ http://nullcon.net/ Steps of Forensics

5.

6.

7.

8. http://null.co.in/ http://nullcon.net/ Browser artifacts in Windows Default auto bookmarks location for Firefox C:sers.....ppDataoamingozillairefoxrofiles,,,.default Default location Saved Passwords C:sers..ppDataoamingozillairefoxrofiles6jq0hlt.defaultey3.db C:sers..ppDataoamingozillairefoxrofiles6jq0hlt.defaultignons.Sqllite

9. http://null.co.in/ http://nullcon.net/ Using a Dump File We can get User details System Activity Almost every thing using third party tools

10. http://null.co.in/ http://nullcon.net/ Tools Can be used FTK Encase DFF ADDONS Parbens Stegosuite Volatility TZwork sbag

11. http://null.co.in/ http://nullcon.net/ Without tools How can we extract the data ? USB devices :: HKLMystemontrolset00xnumSBSTOR what Information can be found Vendor ID, Product ID, Revision, Device ID / Serial Number Mounted Devices HKLMystemounted Devices What information can be found This key views each drive connected to the system

12. http://null.co.in/ http://nullcon.net/ Task manager Event logs Network and performance monitor Task scheduler Windows Update history System files MAC table Commands in cli / Powershell Computer management Regedit Msconfig Prefetch

13. Thank You Pardhasaradhi.ch 09762310104 www.pardhasaradhi.info [email_address]