Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Forensicating Windows Artifacts - Investigation Without Event Logs

Security BSides London via YouTube

Start learning Write review
Boot.dev Ad

Learn Backend Development Part-Time, Online

Learn More → Scrimba Ad

Free courses from frontend to fullstack and AI

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore Windows artifact forensics techniques for investigating security incidents without relying on event logs. Learn about crucial artifacts like prefetch files, registry keys, link files, browser artifacts, and shell bags. Discover tools and methods used by SOC professionals, incident responders, and digital forensics investigators to uncover attacker activities even when logs are wiped. Gain insights into analyzing prefetch files with WinPrefetchView, examining thumbcache data, interpreting shell bags and jump lists, and leveraging Windows Registry information for comprehensive investigations.

Syllabus

Intro
Agenda: Windows Artifacts
Windows Artifacts!!
Prefetch: WinPrefetchView
Thumbcache (thumbs.db)
Shell Bag
Jump List: App IDs
Jumplist: Example
Windows Registry
THANK YOU FOR LISTENING.

Taught by

Security BSides London

Reviews

Start your review of Forensicating Windows Artifacts - Investigation Without Event Logs

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.