Deleted Evidence: Fill in the Map to Luke Skywalker - David Pany Bloomcon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Deleted Evidence: Fill in the Map to Luke Skywalker
David Pany

Bloomcon 2017

This presentation will describe forensic artifacts that track activity on the NTFS file system, and how to leverage these artifacts during investigations when evidence has been deleted or partially stored in a BB-8. We will discuss artifacts such as the $UsnJrnl, INDX, Windows Defender Log, OBJECTS.DATA, and how to use these data artifacts to determine attacker activity, or find hidden Jedi temples.


Copyright 2020, IronGeek