
Deleted Evidence - Fill in the Map to Luke Skywalker

via YouTube

Overview

This 52-minute conference talk from Bloomcon 2017 covers digital forensics techniques for recovering files that an attacker has deleted. It walks through the NTFS metadata files that retain traces of deleted entries, $MFT and $I30, and the special case of SDELETE, which overwrites file contents before deletion. It then examines file system artifacts, Windows Defender's role in an APT29 investigation, and how the Application Compatibility Cache and Windows Prefetch can be used to recover evidence of execution even after the files themselves are gone. The talk closes with the common causes of file deletion and strategies for reconstructing the digital crime scene.

Syllabus

Intro
Introductions
Causes of File Deletion
Recovering Deleted Attacker Files
NTFS Metadata Files: $MFT
NTFS Metadata Files: $I30
Special Case - SDELETE
File System Files
Windows Defender - APT29 Case Study
Application Compatibility Cache
Windows Prefetch
Final Thoughts
