Welcome to Scribd!

Skip carousel

Forensics 1

Uploaded by

net chucky

0% found this document useful (0 votes)

9 views16 pages

Original Title

Forensics-1

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

9 views16 pages

Forensics 1

Uploaded by

net chucky

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 16

Search inside document

AN OVERVIEW OF WINDOWS

FORENSICS

Things to look out for when investigating a windows machine

-by 4dsec
AGENDA

~ Fundamentals of Windows Forensics

~ Registries and File paths
~ Browser forensics
~ Tools to support forensic investigations
~ Conclusion
~ Contact and About
BASICS OF WINDOWS FORENSICS

• Understanding of windows registries aka registry hives.

• Understanding the default file structure of the operating system.
• Default locations of files and common file paths.
• Using tools to parse information.
FILE FORMAT REVERSE ENGINEERING

• Reading through hex dumps

• Understanding magic bytes
• Being able to detect broken files and recover them
• And so on…..
WINDOWS REGISTRY

HKCU

HKLM
WINDOWS REGISTRY

• Information that could be possibly recovered

* System configuration
* Devices on the system
* Usernames, Personal settings and Browser preferences
* Files opened
* Programs Executed
* Passwords
STRUCTURE OF WINDOWS REGISTRY
CHEAT SHEET
BROWSER FORENSICS

• Data from browsers constitute a sizeable wealth of valuable information.

BROWSER FORENSICS
HOW DO SAVED PASSWORDS WORK

• Windows data protection API aka DPAPI

• Commonly used by offensive tools such as mimikatz
• Usually symmetric encryption
• Now lets see how the key and password blob is retrieved
SANS POSTER
TOOLS FOR FORENSIC INVESTIGATIONS

Image Forensics Memory Forensics

AUTOPSY VS X-WAYS

• Advanced functionality • Relatively older

• Lesser support for file system forensics • Well supported for file system forensics
• Ingest modules can take a lot of time to • Faster in preprocessing data
load
• Fully licensed
• Mostly open source
WHY RED TEAMERS NEED TO KNOW
ABOUT FORENSICS
CONTACT AND ABOUT

• Abishek M
• Ex Blue teamer at Scottish Government
• Data Science/Anything cyber

• Linkedin.com/abishekmani
• 4thdsec@gmail.com
• Discord: 4dsec#4966

• Ask your questions

04-OS and Multimedia Forensics
Document189 pages
04-OS and Multimedia Forensics
Mohammed Lajam
100% (1)
SCI4201 Lecture 4 - Data Acquistion
Document46 pages
SCI4201 Lecture 4 - Data Acquistion
onele mabhena
No ratings yet
Forensic Analysis of A Windows 2000 Server Operating System: Joshua Young CS585F - Fall 2002
Document63 pages
Forensic Analysis of A Windows 2000 Server Operating System: Joshua Young CS585F - Fall 2002
Khan Bahi
No ratings yet
Computer Security Professionals and IT Personnel
Document20 pages
Computer Security Professionals and IT Personnel
Faim Hasan
No ratings yet
LO - 2 - Data Capture and Memory Forensics
Document51 pages
LO - 2 - Data Capture and Memory Forensics
israa
No ratings yet
Cyber Forensics
Document29 pages
Cyber Forensics
unnamed
No ratings yet
Memory Forensic in Incident Response
Document74 pages
Memory Forensic in Incident Response
Sunidhi Jain
100% (1)
Lec 2
Document23 pages
Lec 2
aldd63502
No ratings yet
Akuisisi Data: Forensic Computer
Document76 pages
Akuisisi Data: Forensic Computer
Darma
No ratings yet
CH 04 I C
Document93 pages
CH 04 I C
balajinaik07
No ratings yet
Introduction To Memory Forensics
Document47 pages
Introduction To Memory Forensics
it20250560 Rajapaksha R.M.P.S
No ratings yet
Module 2 Webinar Slides - Powerpoint
Document24 pages
Module 2 Webinar Slides - Powerpoint
Emmanuel
No ratings yet
39 - Physical Memory Forensics
Document53 pages
39 - Physical Memory Forensics
smithm007
No ratings yet
Memory Analysis
Document53 pages
Memory Analysis
Shishir Saxena
No ratings yet
CH 04
Document13 pages
CH 04
balajinaik07
No ratings yet
Digital Forensics (Data Acquisition and Hashing)
Document48 pages
Digital Forensics (Data Acquisition and Hashing)
Dipenker Dey
100% (1)
CH 4 - Footprinting and Social Engineering
Document64 pages
CH 4 - Footprinting and Social Engineering
coder
No ratings yet
Digital Forensics: Computer Forensics
Document26 pages
Digital Forensics: Computer Forensics
baby app
No ratings yet
Guide For Digital Forensic
Document69 pages
Guide For Digital Forensic
Abdullah Simbanatao
No ratings yet
SCI4201 Lecture 7 - Forensics Tools
Document53 pages
SCI4201 Lecture 7 - Forensics Tools
onele mabhena
No ratings yet
Data Acquisition
Document29 pages
Data Acquisition
يُ يَ
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
Document57 pages
Guide To Computer Forensics and Investigations Fourth Edition
MD HOSSAIN
No ratings yet
Data Acquisition
Document31 pages
Data Acquisition
excitekarthik
No ratings yet
Is Here Again .: Chema Alonso
Document55 pages
Is Here Again .: Chema Alonso
Francioli Daria
No ratings yet
CF Unit 3
Document151 pages
CF Unit 3
saket bntu
No ratings yet
Lec3 23-3-2024
Document35 pages
Lec3 23-3-2024
dr.ashehata2013
No ratings yet
4680 ch04
Document64 pages
4680 ch04
Văn Hải
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
Document67 pages
Guide To Computer Forensics and Investigations Fourth Edition
Santhosh Kumar P
No ratings yet
Hands-On Ethical Hacking and Network Defense
Document47 pages
Hands-On Ethical Hacking and Network Defense
shabir Ahmad
No ratings yet
CH 04
Document61 pages
CH 04
kelassatudua tiga
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
Document58 pages
Guide To Computer Forensics and Investigations Fourth Edition
Mr J Briso Beclay Bell IT
No ratings yet
Foss Digital Forensics
Document33 pages
Foss Digital Forensics
theamitanna
No ratings yet
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
Document17 pages
IS & F Lecture #29 30 - Computer Forensics-Data Acquisition
Sadiholic
No ratings yet
Digital Forensics
Document30 pages
Digital Forensics
Ifra Iqbal
No ratings yet
Operating System Security: Mike Swift CSE 451 Autumn 2003
Document23 pages
Operating System Security: Mike Swift CSE 451 Autumn 2003
Moayead Mahdi
No ratings yet
Guide To Computer Forensics and Investigations: Data Acquisition
Document19 pages
Guide To Computer Forensics and Investigations: Data Acquisition
Yukta Jaiswal
No ratings yet
Modern Anti Forensics - A Systems Disruption Approach
Document50 pages
Modern Anti Forensics - A Systems Disruption Approach
hilaslima
No ratings yet
Unix File System
Document15 pages
Unix File System
Vamsi Krishna
No ratings yet
Introduction To Digital Forensics: Florian Buchholz
Document30 pages
Introduction To Digital Forensics: Florian Buchholz
Tamil Selvan
No ratings yet
Guide To Computer Forensics and Investigations Fourth Edition
Document56 pages
Guide To Computer Forensics and Investigations Fourth Edition
MD HOSSAIN
No ratings yet
Forerense en Linux
Document18 pages
Forerense en Linux
Kika Arteaga F
No ratings yet
Data Acquisition: Paul Ssemaluulu (PHD)
Document35 pages
Data Acquisition: Paul Ssemaluulu (PHD)
Wiisky Ilwa
100% (2)
Lesson 1 Computer Forenscis
Document30 pages
Lesson 1 Computer Forenscis
Gerry
No ratings yet
Key Technical Concepts
Document69 pages
Key Technical Concepts
Ain Anuar
No ratings yet
EHDF Ut2
Document12 pages
EHDF Ut2
Faizal Khan
No ratings yet
Lec3 18-3-2024
Document52 pages
Lec3 18-3-2024
dr.ashehata2013
No ratings yet
CF Lecture 12 - Windows Forensics
Document53 pages
CF Lecture 12 - Windows Forensics
Faisal Shahzad
100% (1)
Guide To Computer Forensics and Investigations: Data Acquisition
Document13 pages
Guide To Computer Forensics and Investigations: Data Acquisition
Yukta Jaiswal
No ratings yet
Digital Forensics Lec4 Spring 2021-2
Document59 pages
Digital Forensics Lec4 Spring 2021-2
change abc
No ratings yet
Forensic Secrets Sample
Document28 pages
Forensic Secrets Sample
rj3301a
0% (2)
CF Lecture 07-Memory Forensics
Document54 pages
CF Lecture 07-Memory Forensics
Faisal Shahzad
100% (1)
Guide To Computer Forensics and Investigations: Data Acquisition
Document17 pages
Guide To Computer Forensics and Investigations: Data Acquisition
Yukta Jaiswal
No ratings yet
Common Forensics Tools
Document10 pages
Common Forensics Tools
Nermani Rajakulendram
No ratings yet
CF Lecture 04-Data Acquisition
Document65 pages
CF Lecture 04-Data Acquisition
Faisal Shahzad
100% (1)
Current Computer Forensics Tools
Document65 pages
Current Computer Forensics Tools
jaya prasanna
No ratings yet
Detect Malware W Memory Forensics
Document27 pages
Detect Malware W Memory Forensics
محيي الباز
No ratings yet
Intro To Computer Forensics
Document27 pages
Intro To Computer Forensics
Vishal Vasu
No ratings yet
Memory Forensics
Document46 pages
Memory Forensics
Rin Tohsaka
No ratings yet
03 Data Acquisition
Document91 pages
03 Data Acquisition
Mohammed Lajam
No ratings yet
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
From Everand
USB Mass Storage: Designing and Programming Devices and Embedded Hosts
Jan Axelson
No ratings yet
TapScanner 04-10-2022-18.53
Document5 pages
TapScanner 04-10-2022-18.53
net chucky
No ratings yet
RDBMSD 1 42
Document42 pages
RDBMSD 1 42
net chucky
No ratings yet
Red Teaming 101: Cyberonics - Hacktoberfest 2K22
Document36 pages
Red Teaming 101: Cyberonics - Hacktoberfest 2K22
net chucky
No ratings yet
Open Source Software
Document2 pages
Open Source Software
net chucky
No ratings yet