Forensicating Windows Artifacts - Investigation Without Event Logs
Security BSides London via YouTube
Master Agentic AI, GANs, Fine-Tuning & LLM Apps
Power BI Fundamentals - Create visualizations and dashboards from scratch
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore Windows artifact forensics techniques for investigating security incidents without relying on event logs. Learn about crucial artifacts like prefetch files, registry keys, link files, browser artifacts, and shell bags. Discover tools and methods used by SOC professionals, incident responders, and digital forensics investigators to uncover attacker activities even when logs are wiped. Gain insights into analyzing prefetch files with WinPrefetchView, examining thumbcache data, interpreting shell bags and jump lists, and leveraging Windows Registry information for comprehensive investigations.
Syllabus
Intro
Agenda: Windows Artifacts
Windows Artifacts!!
Prefetch: WinPrefetchView
Thumbcache (thumbs.db)
Shell Bag
Jump List: App IDs
Jumplist: Example
Windows Registry
THANK YOU FOR LISTENING.
Taught by
Security BSides London