Tag: DFIR
All posts tagged with "DFIR"
4N6Post Artifacts
Registry - SAM
SAM Database - Windows Security Account Manager Security Account Manager (SAM) database in short, is the critical components of Windows security β¦
MACB Timestamp Reference
MACB Forensic Timestamp Reference I put together a nice little post here detailing the behavior of MACB timestamps (Modified, Accessed, Changed, β¦
MRU (Most Recently Used)
The MRU (Most Recently Used) registry is a database in Microsoft Windows that stores information about recently opened files, URLs, and other items. β¦
Velociraptor - Endpoint Visibility & Digital Forensics
Velociraptor is a web-based tool designed for endpoint visibility and management. It provides a user-friendly interface for monitoring and managing β¦
Registry- Start, Shutdown, and Reboot
Windows Registry: System Start, Shutdown, and Reboot Tracking The Windows registry is a hierarchical database that stores configuration settings for β¦
ShimCache
ShimCache - Windows Application Compatibility Cache for Digital Forensics Shimcache is a Windows artifact that stores information about programs that β¦
Dream Server - DFIR
Example Direction: Lock Picking Lawyer Server Category Item Blue 1 Gmail in session of browser Blue 2 Email in URL of the payload download Blue 3 β¦
Key Replicator
Example Direction: Lock Picking Lawyer
Neck Tie Connection
Serial Connection Connection Type: Serial Baud Rate/Speed: 115200 Port: COM3 Client: PuTTY Reference Reverse Engineering of ESP32 Flash Dumps with β¦
Neck Tie QR Code
The Clock
Other Write-Up See SD Card Data for more information. Challenge Walkthrough 1. Splash Screen Flag When the device boots, a flag flashes very quickly β¦
The Rules
Warmups
Download mypcap.pcap Spoiler Command: bash 5 lines tshark -r mypcap.pcap -Tfields -e data \ | cut -c -2 \ | sed ':a;N;$!ba;s/\n/ /g' \ | sed β¦
Windows Install Date & Time
The Windows registry is a central repository of configuration data for the Windows operating system and its applications. One important aspect of the β¦
File and Folder Opening - Link Files (LNK)
Windows users are likely familiar with .lnk files, also known as LNK Link files. These files are shortcuts that point to another file or folder on the β¦
JumpList Forensics
JumpList Forensics JumpList is a feature of Microsoft Windows operating systems that allows users to quickly access frequently used files, folders, β¦
MFT
MFT Analysis - Master File Table Forensics Guide The $MFT, or Master File Table, plays a crucial role in the NTFS (New Technology File System) β¦
Prefetch
Windows Prefetch Analysis - Digital Forensics Execution Tracking Windows Prefetch is a feature in the Windows operating system that was first β¦
Recycling.Bin / Recycler
The Recycling Bin is a well-known feature in Windows operating systems that acts as a temporary storage location for deleted files. However, what many β¦
SysInternals Tools Registry Forensics
SysInternals Tools - Registry Forensics and Analysis What is SysInternals? SysInternals is a suite of advanced system utilities for Microsoft Windows β¦
TimeZone Information
The Windows registry is a critical component of the Windows operating system. It stores important configuration data and settings that help the β¦
TypedPath Registry
Registry Section of TypedPath: Understanding Its Importance in Digital Forensics The registry is an important aspect of a computer’s operating β¦
Windows Border Size Modification
Exploring Windows Border Size Modification Welcome to our exploration of a subtle yet impactful customization in the Windows operating system. Today, β¦
Windows Generic Installation Keys
SOURCE: https://www.windowsafg.com/keys.html This is just a copy of the data from the source windowafg. I make a copy so that others can find it. β¦
Windows USB Connection Analysis
USB connections are a commonly used method for transferring data between computers and other electronic devices. In Windows, the use of USB β¦
WMI Filter Query Consumer
Windows Management Instrumentation (WMI) is a Microsoft technology that provides a unified way of managing Windows operating systems and applications. β¦
WordWheelQuery
The Registry Section of WordWheelQuery: An Overview for Digital Forensic Investigators The WordWheelQuery registry section is a critical component for β¦
Hackademy β Authorization 1
Check the html Or in the PCAP:
Portobello 53 - Denial (2 of 2)
Context Why do you need DNS logs anyway? We both know that DNS servers are just address books of Internet resources and Iβve never seen anyone abuse a β¦