bohops.com

countuponsecurity.com
Following our last article about the Prefetch artifacts we will now move into the Windows Registry. When conducting incident response and digital forensics on Windows operating systems one of the sources of evidence that is normally part of every investigation is the Windows Registry. The Windows Registry is an important component of the OS and...

thinkdfir.com
In preparation for an upcoming FOR500 class I thought I would test out one of the recent additions to the class. This post by my colleague Zach shows that Win10 1903 and later has a registry key that will store the full path of any executable that utilises the computer's camera or microphone. Zach shows...

www.khyrenz.com
Let me start by saying that, yes: many tools already exist to parse information out of the Windows Registry and/or the Event Log. However, while I was conducting my own tool validation processes (see https://github.com/khyrenz/tool_validation), I realised that very few tools parse this information out and automatically populate the kind of table that I would be adding into my forensic report. So... I did a bit of R&D, and I present to you a Python script that does just that; creatively named pars

blog.redcrowlab.com
Much of the time people engage in short term security testing such as penetration tests, vulnerability assessments, code reviews, etc. Often these are 1-2 weeks with some period for reporting. The approach to conducting these sorts of projects typically includes the following types of steps:
* Heavy reliance on automated tools