SlideShare uma empresa Scribd logo

Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

Transferir como PPT, PDF
G
guest66dc5f
Economia e finançasTecnologia
1 de 44
Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
Agenda ,[object Object],[object Object],[object Object],[object Object]
A Quick CSI-FBI 2007 Survey Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSI Computer Crime and Security Survey ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSI Computer Crime and Security Survey ,[object Object]
Computer Forensics – the laws ,[object Object],[object Object],[object Object]
Tip of the “Digital” Iceberg Data as seen by a casual observer using common tools (Explorer Window, cmd shell, web browser etc. ) Data as seen by Forensic Investigators using his sophisticated toolkit. May include deleted data, hidden data, unauthorized information and records of illegal activity!
Mining Windows XP
Windows XP – Market Share ,[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining NTFS Attributes ,[object Object]
Mining $logfile ,[object Object],[object Object],[object Object],[object Object],[object Object]
Mining NTFS timestamps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Windows Registry ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Windows Registry ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Prefetch feature ,[object Object],[object Object],[object Object]
The Prefetch feature ,[object Object],[object Object],[object Object]
Mining Prefetch – wfa.exe
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Print Spooler Files ,[object Object],[object Object],[object Object],[object Object]
PA Spool Viewer – view .shd files Splview.exe - available at http:// undocprint.printassociates.com This tool allows you to view the metadata of the print job!
EMF Spool viewer – view .spl files ,[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining the Recycle bin ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Thumbs.db ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Event Logs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining event logs… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tracing Internet Activity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Internet Explorer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Mozilla Firefox ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining shortcut files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining shortcut files… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The restore point feature ,[object Object],[object Object],[object Object],[object Object],[object Object]
The restore point feature ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining restore points ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Queries are welcome!

Recomendados

Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Stegano Forensics
Stegano ForensicsStegano Forensics
Stegano ForensicsChiawei Wang
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsNeilg42
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 

Recomendados

Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Stegano Forensics
Stegano ForensicsStegano Forensics
Stegano ForensicsChiawei Wang
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsNeilg42
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
What is WHOIS?
What is WHOIS?What is WHOIS?
What is WHOIS?ICANN
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101Digit Oktavianto
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Pratimesh Pathak
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
Mike king - Digital body language 2.0
Mike king - Digital body language 2.0Mike king - Digital body language 2.0
Mike king - Digital body language 2.0Neo Consulting
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Uniform Domain Name Dispute Resolution
Uniform Domain Name Dispute ResolutionUniform Domain Name Dispute Resolution
Uniform Domain Name Dispute Resolutionlibertyluver
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsNicholas Davis
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSReality Net System Solutions
 
Email Forensics
Email ForensicsEmail Forensics
Email ForensicsGol D Roger
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm
 

Mais conteúdo relacionado

Mais procurados

Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
What is WHOIS?
What is WHOIS?What is WHOIS?
What is WHOIS?ICANN
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Memory forensics
Memory forensicsMemory forensics
Memory forensicsSunil Kumar
 
Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Pratimesh Pathak
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
Mike king - Digital body language 2.0
Mike king - Digital body language 2.0Mike king - Digital body language 2.0
Mike king - Digital body language 2.0Neo Consulting
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Uniform Domain Name Dispute Resolution
Uniform Domain Name Dispute ResolutionUniform Domain Name Dispute Resolution
Uniform Domain Name Dispute Resolutionlibertyluver
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsMayank Chaudhari
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
computer forensics
computer forensicscomputer forensics
computer forensicsshivi123456
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 

Mais procurados (20)

Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
What is WHOIS?
What is WHOIS?What is WHOIS?
What is WHOIS?
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary Artefacts
 
Memory forensics
Memory forensicsMemory forensics
Memory forensics
 
Windows Forensic 101
Windows Forensic 101Windows Forensic 101
Windows Forensic 101
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana) Browser Security by pratimesh Pathak ( Buldhana)
Browser Security by pratimesh Pathak ( Buldhana)
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emam
 
Mike king - Digital body language 2.0
Mike king - Digital body language 2.0Mike king - Digital body language 2.0
Mike king - Digital body language 2.0
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
Uniform Domain Name Dispute Resolution
Uniform Domain Name Dispute ResolutionUniform Domain Name Dispute Resolution
Uniform Domain Name Dispute Resolution
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Introduction to filesystems and computer forensics
Introduction to filesystems and computer forensicsIntroduction to filesystems and computer forensics
Introduction to filesystems and computer forensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OS
 
Email Forensics
Email ForensicsEmail Forensics
Email Forensics
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 

Destaque

Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.seEdahn Small
 
Windows 10 in 10 Minutes
Windows 10 in 10 MinutesWindows 10 in 10 Minutes
Windows 10 in 10 MinutesHemant Prasad
 

Destaque (8)

Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
An introduction to Windows 10
An introduction to Windows 10 An introduction to Windows 10
An introduction to Windows 10
 
Windows 10
Windows 10Windows 10
Windows 10
 
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
 
Windows 10 in 10 Minutes
Windows 10 in 10 MinutesWindows 10 in 10 Minutes
Windows 10 in 10 Minutes
 

Semelhante a Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009ClubHack
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Lecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfLecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfssuserfd0132
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malwaretmugherini
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Reality Net System Solutions
 
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011John Bambenek
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkKapil Soni
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the ArchiveGarethKnight
 
Operatingsystems
Operatingsystems Operatingsystems
Operatingsystems kuldeepy60
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfekobelasting
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Kabul Kurniawan
 
Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry AnalysisHimanshu0734
 

Semelhante a Chetan-Mining_Digital_Evidence_in_Microsoft_Windows (20)

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
Lecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfLecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdf
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malware
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets
 
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility Framework
 
Windows forensic
Windows forensicWindows forensic
Windows forensic
 
Operating systems
Operating systemsOperating systems
Operating systems
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
 
Operatingsystems
Operatingsystems Operatingsystems
Operatingsystems
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdf
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
File000173
File000173File000173
File000173
 
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
 
INT 1010 04-3.pdf
INT 1010 04-3.pdfINT 1010 04-3.pdf
INT 1010 04-3.pdf
 
Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry Analysis
 

Mais de guest66dc5f

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Originalguest66dc5f
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhoneguest66dc5f
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collectionguest66dc5f
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number platesguest66dc5f
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefoxguest66dc5f
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Codeguest66dc5f
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Lawguest66dc5f
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsguest66dc5f
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2guest66dc5f
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toasterguest66dc5f
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniquesguest66dc5f
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flawsguest66dc5f
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07guest66dc5f
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002guest66dc5f
 

Mais de guest66dc5f (20)

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Original
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhone
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collection
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number plates
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefox
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Code
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Law
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_laws
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toaster
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniques
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flaws
 
CostofWarinIraq
CostofWarinIraqCostofWarinIraq
CostofWarinIraq
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
golf
golfgolf
golf
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002
 

Último

+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...Health
 
fundamentals of corporate finance 11th canadian edition test bank.docx
fundamentals of corporate finance 11th canadian edition test bank.docxfundamentals of corporate finance 11th canadian edition test bank.docx
fundamentals of corporate finance 11th canadian edition test bank.docxssuserf63bd7
 
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammam
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammamabortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammam
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammamsamsungultra782445
 
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...globusfinanza
 
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...batoole333
 
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfMASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfCocity Enterprises
 
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...janibaber266
 
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdfSeeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdfAshis Kumar Dey
 
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Call Girls Mumbai
 
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadh
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadhabortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadh
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadhsamsungultra782445
 
Pension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfPension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfHenry Tapper
 
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...kajalverma014
 
Economics Presentation-2.pdf xxjshshsjsjsjwjw
Economics Presentation-2.pdf xxjshshsjsjsjwjwEconomics Presentation-2.pdf xxjshshsjsjsjwjw
Economics Presentation-2.pdf xxjshshsjsjsjwjwmordockmatt25
 
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnLaw of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnTintoTom3
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesFalcon Invoice Discounting
 
Technology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechnology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechFinland
 
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsMahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsDeepika Singh
 
Webinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumWebinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumFinTech Belgium
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetSareena Khatun
 
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...Henry Tapper
 

Último (20)

+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
 
fundamentals of corporate finance 11th canadian edition test bank.docx
fundamentals of corporate finance 11th canadian edition test bank.docxfundamentals of corporate finance 11th canadian edition test bank.docx
fundamentals of corporate finance 11th canadian edition test bank.docx
 
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammam
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammamabortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammam
abortion pills in Riyadh Saudi Arabia (+919707899604)cytotec pills in dammam
 
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
 
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
 
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfMASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
 
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
 
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdfSeeman_Fiintouch_LLP_Newsletter_May-2024.pdf
Seeman_Fiintouch_LLP_Newsletter_May-2024.pdf
 
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
 
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadh
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadhabortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadh
abortion pills in Jeddah Saudi Arabia (+919707899604)cytotec pills in Riyadh
 
Pension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdfPension dashboards forum 1 May 2024 (1).pdf
Pension dashboards forum 1 May 2024 (1).pdf
 
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
Female Escorts Service in Hyderabad Starting with 5000/- for Savita Escorts S...
 
Economics Presentation-2.pdf xxjshshsjsjsjwjw
Economics Presentation-2.pdf xxjshshsjsjsjwjwEconomics Presentation-2.pdf xxjshshsjsjsjwjw
Economics Presentation-2.pdf xxjshshsjsjsjwjw
 
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnLaw of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
Law of Demand.pptxnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
 
Technology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechnology industry / Finnish economic outlook
Technology industry / Finnish economic outlook
 
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsMahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
 
Webinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumWebinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech Belgium
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
 
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
20240419-SMC-submission-Annual-Superannuation-Performance-Test-–-design-optio...
 

Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

  • 1. Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Tip of the “Digital” Iceberg Data as seen by a casual observer using common tools (Explorer Window, cmd shell, web browser etc. ) Data as seen by Forensic Investigators using his sophisticated toolkit. May include deleted data, hidden data, unauthorized information and records of illegal activity!
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 22.
  • 23.
  • 24. PA Spool Viewer – view .shd files Splview.exe - available at http:// undocprint.printassociates.com This tool allows you to view the metadata of the print job!
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.