2. http://null.co.in/ http://nullcon.net/ Agenda
  Introduction
  Steps of forensics investigation
  Rules of Forensics investigations
  Terminology
  Windows Artifacts
  Browser artifacts
  Tools which can be used
  Evidence gathering Without Tools
8. Browser artifacts in Windows
  Default auto bookmarks location for Firefox:
  C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\,,,.default
  Default location of saved passwords:
  C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\6jq0hlt.default\key3.db
  C:\Users\..\AppData\Roaming\Mozilla\Firefox\Profiles\6jq0hlt.default\signons.sqlite
11. Without tools
  How can we extract the data?
  USB devices: HKLM\System\ControlSet00x\Enum\USBSTOR
  What information can be found: Vendor ID, Product ID, Revision, Device ID / Serial Number
  Mounted devices: HKLM\System\MountedDevices
  What information can be found: this key lists each drive connected to the system
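Added example, not part of the original slides: a parser that pulls the Vendor ID, Product ID, Revision and Serial Number named on the "Without tools" slide out of USBSTOR key names. It assumes the key paths were exported as text with `reg query ... /s` from CurrentControlSet; the sample output and all device values in it are constructed.

```python
import re

# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR /s`
# output; every vendor, product and serial value here is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_Flash_Drive&Rev_1.00
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_Flash_Drive&Rev_1.00\0123456789ABCDEF&0
    FriendlyName    REG_SZ    ExampleCo Flash Drive USB Device
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_ExampleCo&Prod_Flash_Drive&Rev_1.00\0123456789ABCDEF&0\Device Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic&Prod_Card_Reader&Rev_0.01\6&2f1c3a7&0
"""

# Exactly two path components below USBSTOR: device class ID, then instance ID.
KEY_RE = re.compile(r"\\Enum\\USBSTOR\\([^\\]+)\\([^\\]+)$", re.IGNORECASE)
# Device class ID layout: <type>&Ven_<vendor>&Prod_<product>&Rev_<revision>
DEV_RE = re.compile(
    r"^(?P<type>[^&]+)&Ven_(?P<vendor>[^&]*)"
    r"&Prod_(?P<product>[^&]*)&Rev_(?P<revision>[^&]*)$"
)

def parse_usbstor(text):
    """Return one record per USBSTOR device instance found in reg query output."""
    devices = []
    for line in text.splitlines():
        key = KEY_RE.search(line.strip())
        if not key:
            continue  # value lines, the class key itself, deeper subkeys
        dev = DEV_RE.match(key.group(1))
        if not dev:
            continue  # class ID that does not follow the Ven/Prod/Rev layout
        instance = key.group(2)
        rec = dev.groupdict()
        # Drop the trailing "&<n>" suffix to get the serial number.
        rec["serial"] = instance.rsplit("&", 1)[0]
        # "&" as the second character means Windows generated the ID because
        # the device reported no serial; it cannot identify one physical device.
        rec["unique_serial"] = not (len(instance) > 1 and instance[1] == "&")
        devices.append(rec)
    return devices

if __name__ == "__main__":
    for d in parse_usbstor(SAMPLE):
        print(d)
```

Records with `unique_serial` set to False should not be used to tie a specific physical device to the system.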
12.
  Task manager
  Event logs
  Network and performance monitor
  Task scheduler
  Windows Update history
  System files
  MAC table
  Commands in CLI / PowerShell
  Computer management
  Regedit
  Msconfig
  Prefetch