SlideShare a Scribd company logo

Vista Forensics

CTIN
CTIN
Technology
1 of 74
Vista Forensics (Before Windows 7 Changes Things) Troy Larson Microsoft Corporation
Operating System Artifacts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],File Systems Fvevol.sys Volume Manager Application Artifacts OS Artifacts
The New Recycle Bin ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The New Recycle Bin
The New Recycle Bin Note the deleted date (in blue). $MFT FRS of $IWYOWJ2.docx
The New Recycle Bin $MFT FRS of $RWYOWJ2.docx
The New Recycle Bin First cluster of $RWYOWJ2.docx
EFS Enhancements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],HKEY_LOCAL_MACHINEYSTEMontrolSet001ontrolileSystemtfsEncryptPagingFile If value=1 the page file is encrypted.
Default Folder Organization The legacy folders are junction links to the new folders. To navigate, follow the links.
Default Folder Organization ,[object Object],[object Object],[object Object]
Default Folder Organization ,[object Object]
Special Folders: IE Protected Mode IE Protected Mode http://msdn.microsoft.com/en-us/library/bb250462.aspx
File and Folder Virtualization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],UAC References http://msdn.microsoft.com/en-us/library/bb756883.aspx
File and Folder Virtualization
Registry Virtualization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Registry Virtualization The virtualized registry entries are stored here.
Registry Virtualization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Pstore-Protected Storage ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transactional Registry ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transactional Registry
Superfetch ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Superfetch ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Superfetch ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Superfetch
Superfetch ,[object Object]
Superfetch
Thumbcache
Thumbcache ,[object Object],[object Object],[object Object],[object Object]
Thumbcache ,[object Object],[object Object],[object Object],[object Object]
Thumbcache ,[object Object],[object Object]
Thumbcache ,[object Object],[object Object]
Thumbcache
Thumbcache ,[object Object]
Event Logs ,[object Object],[object Object],[object Object],[object Object]
Event Logs ,[object Object]
Event Logs ,[object Object],[object Object],[object Object],[object Object]
Setupapi.log The location of the setupapi.log file has been changed. The new location is: C:indowsNFetupapi.dev.log
Volume Shadow Copy ,[object Object],[object Object],[object Object],[object Object],[object Object]
Volume Shadow Copy ,[object Object],[object Object],[object Object],[object Object]
Volume Shadow Copy
Volume Shadow Copy
Volume Shadow Copy
Volume Shadow Copy vssadmin list shadows /for=[volume]:
Volume Shadow Copy
Volume Shadow Copy Shadow copies can be exposed through symbolic links.
Volume Shadow Copy Mklink /d C:test-shadow} ?LOBALROOTevicearddiskVolumeShadowCopy3
Volume Shadow Copy Shadow copy is addressed as ?LOBALROOTevicearddiskVolumeShadowCopy3
Volume Shadow Copy
Volume Shadow Copy
Volume Shadow Copy Shadow copies can be mounted as volumes using dosdev.exe.
Volume Shadow Copy Dosdev y: ?LOBALROOTevicearddiskVolumeShadowCopy2
Volume Shadow Copy Shadow copy is addressed as ?LOBALROOTevicearddiskVolumeShadowCopy2
Volume Shadow Copy
Volume Shadow Copy ,[object Object]
Volume Shadow Copy ,[object Object]
Volume Shadow Copy ,[object Object]
Volume Shadow Copy
Volume Shadow Copy
Volume Shadow Copy
Volume Shadow Copy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Volume Shadow Copy Shadow copies can be imaged.
Volume Shadow Copy dd.Exe –v if= .arddiskVolumeShadowCopy4 of=K:hadow4.dd --localwrt
Volume Shadow Copy Shadow copy is addressed as .arddiskVolumeShadowCopy4
Volume Shadow Copy Images of shadow copies can be opened in forensics tools and appear as logical volumes.
Volume Shadow Copy
Volume Shadow Copy Compare the imaged version to the mounted shadow copy.
Volume Shadow Copy Deleted data is captured by shadow copies, and is available for retrieval in shadow copy images.
Volume Shadow Copy Every shadow copy data set should approximate the size of the original volume. Thus, a conundrum: How to gather all the shadow copy data? Amount of case data=(number of shadow copies) x (size of the volume)+(size of the volume).
Volume Shadow Copy ,[object Object],[object Object],[object Object],[object Object]
Volume Shadow Copy ,[object Object]
Volume Shadow Copy ,[object Object],Vhdmount /m “E:SSTest.vhd”
Volume Shadow Copy
Volume Shadow Copy ,[object Object],[object Object],[object Object],[object Object],[object Object]
Finally

Recommended

Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicCTIN
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsCTIN
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4CTIN
 
Windows forensic
Windows forensicWindows forensic
Windows forensicMD SAQUIB KHAN
 

Recommended

Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Windows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsWindows 10 Forensics: OS Evidentiary Artefacts
Windows 10 Forensics: OS Evidentiary ArtefactsBrent Muir
 
Windows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicWindows 7 forensics jump lists-rv3-public
Windows 7 forensics jump lists-rv3-publicCTIN
 
Time Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsTime Stamp Analysis of Windows Systems
Time Stamp Analysis of Windows SystemsCTIN
 
Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Windows 8.x Forensics 1.0
Windows 8.x Forensics 1.0Brent Muir
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4Windows 7 forensics thumbnail-dtl-r4
Windows 7 forensics thumbnail-dtl-r4CTIN
 
Windows forensic
Windows forensicWindows forensic
Windows forensicMD SAQUIB KHAN
 
Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3CTIN
 
Windows Forensics
Windows ForensicsWindows Forensics
Windows ForensicsPrince Boonlia
 
Disk forensics
Disk forensicsDisk forensics
Disk forensicsChiawei Wang
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0Brent Muir
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
Windowsforensics
WindowsforensicsWindowsforensics
WindowsforensicsSantosh Khadsare
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux ForensicsSantosh Khadsare
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesMaxim Suhanov
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSReality Net System Solutions
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkKapil Soni
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensicsn|u - The Open Security Community
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windowsguest66dc5f
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011CTIN
 
Become an Internet Sleuth!
Become an Internet Sleuth!Become an Internet Sleuth!
Become an Internet Sleuth!Nearpod
 
File Management Presentation
File Management PresentationFile Management Presentation
File Management PresentationSgtMasterGunz
 

More Related Content

What's hot

Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3CTIN
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolBrent Muir
 
Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0Brent Muir
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsMike Spaulding
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesMaxim Suhanov
 
Mac Forensics
Mac ForensicsMac Forensics
Mac ForensicsCTIN
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkKapil Soni
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windowsguest66dc5f
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011CTIN
 

What's hot (20)

Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3Windows 7 forensics -overview-r3
Windows 7 forensics -overview-r3
 
Windows Forensics
Windows ForensicsWindows Forensics
Windows Forensics
 
Disk forensics
Disk forensicsDisk forensics
Disk forensics
 
WinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage ToolWinFE: The (Almost) Perfect Triage Tool
WinFE: The (Almost) Perfect Triage Tool
 
Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0Windows RT Evidentiary Artefacts 1.0
Windows RT Evidentiary Artefacts 1.0
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
 
Linux Forensics
Linux ForensicsLinux Forensics
Linux Forensics
 
Windows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti ForensicsWindows 8 Forensics & Anti Forensics
Windows 8 Forensics & Anti Forensics
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
In-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry filesIn-depth forensic analysis of Windows registry files
In-depth forensic analysis of Windows registry files
 
Mac Forensics
Mac ForensicsMac Forensics
Mac Forensics
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
Tor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OSTor Browser Forensics on Windows OS
Tor Browser Forensics on Windows OS
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility Framework
 
Ntfs forensics
Ntfs forensicsNtfs forensics
Ntfs forensics
 
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_WindowsChetan-Mining_Digital_Evidence_in_Microsoft_Windows
Chetan-Mining_Digital_Evidence_in_Microsoft_Windows
 
Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011Encase V7 Presented by Guidance Software august 2011
Encase V7 Presented by Guidance Software august 2011
 

Viewers also liked

Become an Internet Sleuth!
Become an Internet Sleuth!Become an Internet Sleuth!
Become an Internet Sleuth!Nearpod
 
File Management Presentation
File Management PresentationFile Management Presentation
File Management PresentationSgtMasterGunz
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drivesCTIN
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows SystemConferencias FIST
 
Edrm
EdrmEdrm
EdrmCTIN
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheetMichael Gough
 
Raidprep
RaidprepRaidprep
RaidprepCTIN
 
Introduction to memory forensics
Introduction to memory forensicsIntroduction to memory forensics
Introduction to memory forensicsMarco Alamanni
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for InvestigatorsCase IQ
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionSeccuris Inc.
 
Live Forensics
Live ForensicsLive Forensics
Live ForensicsCTIN
 
Nra
NraNra
NraCTIN
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityCTIN
 
Installation of Joomla on Windows XP
Installation of Joomla on Windows XPInstallation of Joomla on Windows XP
Installation of Joomla on Windows XPRupesh Kumar
 
NTFS file system
NTFS file systemNTFS file system
NTFS file systemRavi Yasas
 
Files and Folders in Windows 7
Files and Folders in Windows 7Files and Folders in Windows 7
Files and Folders in Windows 7RIAH ENCARNACION
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on TwitterYansi Keim
 
F Database
F DatabaseF Database
F DatabaseCTIN
 

Viewers also liked (20)

Become an Internet Sleuth!
Become an Internet Sleuth!Become an Internet Sleuth!
Become an Internet Sleuth!
 
File Management Presentation
File Management PresentationFile Management Presentation
File Management Presentation
 
Mounting virtual hard drives
Mounting virtual hard drivesMounting virtual hard drives
Mounting virtual hard drives
 
Forensics of a Windows System
Forensics of a Windows SystemForensics of a Windows System
Forensics of a Windows System
 
Edrm
EdrmEdrm
Edrm
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
Raidprep
RaidprepRaidprep
Raidprep
 
Introduction to memory forensics
Introduction to memory forensicsIntroduction to memory forensics
Introduction to memory forensics
 
Social Media Forensics for Investigators
Social Media Forensics for InvestigatorsSocial Media Forensics for Investigators
Social Media Forensics for Investigators
 
Anti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and preventionAnti-Forensics: Real world identification, analysis and prevention
Anti-Forensics: Real world identification, analysis and prevention
 
Live Forensics
Live ForensicsLive Forensics
Live Forensics
 
Nra
NraNra
Nra
 
File carving tools
File carving toolsFile carving tools
File carving tools
 
Translating Geek To Attorneys It Security
Translating Geek To Attorneys It SecurityTranslating Geek To Attorneys It Security
Translating Geek To Attorneys It Security
 
Installation of Joomla on Windows XP
Installation of Joomla on Windows XPInstallation of Joomla on Windows XP
Installation of Joomla on Windows XP
 
File system
File systemFile system
File system
 
NTFS file system
NTFS file systemNTFS file system
NTFS file system
 
Files and Folders in Windows 7
Files and Folders in Windows 7Files and Folders in Windows 7
Files and Folders in Windows 7
 
Forensic Anaysis on Twitter
Forensic Anaysis on TwitterForensic Anaysis on Twitter
Forensic Anaysis on Twitter
 
F Database
F DatabaseF Database
F Database
 

Similar to Vista Forensics

Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry AnalysisHimanshu0734
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012Rian Yulian
 
IIS 6 - General System Administration Overview
IIS 6 - General System Administration OverviewIIS 6 - General System Administration Overview
IIS 6 - General System Administration OverviewInformation Technology
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
 
Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007KarlFrank99
 
Root file system for embedded systems
Root file system for embedded systemsRoot file system for embedded systems
Root file system for embedded systemsalok pal
 
For the accompanying inquiries enter the answer and give complete expl.docx
For the accompanying inquiries enter the answer and give complete expl.docxFor the accompanying inquiries enter the answer and give complete expl.docx
For the accompanying inquiries enter the answer and give complete expl.docxedmundp8cgllams
 
Lesson 2 Understanding Linux File System
Lesson 2 Understanding Linux File SystemLesson 2 Understanding Linux File System
Lesson 2 Understanding Linux File SystemSadia Bashir
 
Windows for Everyone(Operating System)
Windows for Everyone(Operating System)Windows for Everyone(Operating System)
Windows for Everyone(Operating System)Waleed Khan
 
File systems virtualization in windows using mini filter drivers
File systems virtualization in windows using mini filter driversFile systems virtualization in windows using mini filter drivers
File systems virtualization in windows using mini filter driversMPNIKHIL
 
Data hiding and finding on Linux
Data hiding and finding on LinuxData hiding and finding on Linux
Data hiding and finding on LinuxAnton Chuvakin
 
16. Computer Systems Basic Software 2
16. Computer Systems Basic Software 216. Computer Systems Basic Software 2
16. Computer Systems Basic Software 2New Era University
 
Course 102: Lecture 2: Unwrapping Linux
Course 102: Lecture 2: Unwrapping Linux Course 102: Lecture 2: Unwrapping Linux
Course 102: Lecture 2: Unwrapping Linux Ahmed El-Arabawy
 
Asterisk (IP-PBX) CDR Log Rotation
Asterisk (IP-PBX) CDR Log RotationAsterisk (IP-PBX) CDR Log Rotation
Asterisk (IP-PBX) CDR Log RotationWilliam Lee
 
What Are You Looking ForThe variety of operating systems, appli.docx
What Are You Looking ForThe variety of operating systems, appli.docxWhat Are You Looking ForThe variety of operating systems, appli.docx
What Are You Looking ForThe variety of operating systems, appli.docxalanfhall8953
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009ClubHack
 

Similar to Vista Forensics (20)

Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry Analysis
 
Edubooktraining
EdubooktrainingEdubooktraining
Edubooktraining
 
SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012SANS Windows Artifact Analysis 2012
SANS Windows Artifact Analysis 2012
 
IIS 6 - General System Administration Overview
IIS 6 - General System Administration OverviewIIS 6 - General System Administration Overview
IIS 6 - General System Administration Overview
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007Vistaceic2007 from CEIC 2007
Vistaceic2007 from CEIC 2007
 
Root file system for embedded systems
Root file system for embedded systemsRoot file system for embedded systems
Root file system for embedded systems
 
Unix Administration
Unix AdministrationUnix Administration
Unix Administration
 
Linux filesystemhierarchy
Linux filesystemhierarchyLinux filesystemhierarchy
Linux filesystemhierarchy
 
For the accompanying inquiries enter the answer and give complete expl.docx
For the accompanying inquiries enter the answer and give complete expl.docxFor the accompanying inquiries enter the answer and give complete expl.docx
For the accompanying inquiries enter the answer and give complete expl.docx
 
Lesson 2 Understanding Linux File System
Lesson 2 Understanding Linux File SystemLesson 2 Understanding Linux File System
Lesson 2 Understanding Linux File System
 
Windows for Everyone(Operating System)
Windows for Everyone(Operating System)Windows for Everyone(Operating System)
Windows for Everyone(Operating System)
 
File systems virtualization in windows using mini filter drivers
File systems virtualization in windows using mini filter driversFile systems virtualization in windows using mini filter drivers
File systems virtualization in windows using mini filter drivers
 
DFSNov1.pptx
DFSNov1.pptxDFSNov1.pptx
DFSNov1.pptx
 
Data hiding and finding on Linux
Data hiding and finding on LinuxData hiding and finding on Linux
Data hiding and finding on Linux
 
16. Computer Systems Basic Software 2
16. Computer Systems Basic Software 216. Computer Systems Basic Software 2
16. Computer Systems Basic Software 2
 
Course 102: Lecture 2: Unwrapping Linux
Course 102: Lecture 2: Unwrapping Linux Course 102: Lecture 2: Unwrapping Linux
Course 102: Lecture 2: Unwrapping Linux
 
Asterisk (IP-PBX) CDR Log Rotation
Asterisk (IP-PBX) CDR Log RotationAsterisk (IP-PBX) CDR Log Rotation
Asterisk (IP-PBX) CDR Log Rotation
 
What Are You Looking ForThe variety of operating systems, appli.docx
What Are You Looking ForThe variety of operating systems, appli.docxWhat Are You Looking ForThe variety of operating systems, appli.docx
What Are You Looking ForThe variety of operating systems, appli.docx
 
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
 

More from CTIN

Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source ForensicsCTIN
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassCTIN
 
CyberCrime
CyberCrimeCyberCrime
CyberCrimeCTIN
 
Search Warrants
Search WarrantsSearch Warrants
Search WarrantsCTIN
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector ConcernsCTIN
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007CTIN
 
Networking Overview
Networking OverviewNetworking Overview
Networking OverviewCTIN
 
M Compevid
M CompevidM Compevid
M CompevidCTIN
 
L Scope
L ScopeL Scope
L ScopeCTIN
 
Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The DayCTIN
 
Law Enforcement Role In Computing
Law Enforcement Role In ComputingLaw Enforcement Role In Computing
Law Enforcement Role In ComputingCTIN
 
Level1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsLevel1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsCTIN
 
K Ai
K AiK Ai
K AiCTIN
 
July132000
July132000July132000
July132000CTIN
 
Investigative Team
Investigative TeamInvestigative Team
Investigative TeamCTIN
 
Introduction To Unix
Introduction To UnixIntroduction To Unix
Introduction To UnixCTIN
 

More from CTIN (16)

Open Source Forensics
Open Source ForensicsOpen Source Forensics
Open Source Forensics
 
Computer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer TrespassComputer Searchs, Electronic Communication, Computer Trespass
Computer Searchs, Electronic Communication, Computer Trespass
 
CyberCrime
CyberCrimeCyberCrime
CyberCrime
 
Search Warrants
Search WarrantsSearch Warrants
Search Warrants
 
Part6 Private Sector Concerns
Part6 Private Sector ConcernsPart6 Private Sector Concerns
Part6 Private Sector Concerns
 
Sadfe2007
Sadfe2007Sadfe2007
Sadfe2007
 
Networking Overview
Networking OverviewNetworking Overview
Networking Overview
 
M Compevid
M CompevidM Compevid
M Compevid
 
L Scope
L ScopeL Scope
L Scope
 
Level1 Part8 End Of The Day
Level1 Part8 End Of The DayLevel1 Part8 End Of The Day
Level1 Part8 End Of The Day
 
Law Enforcement Role In Computing
Law Enforcement Role In ComputingLaw Enforcement Role In Computing
Law Enforcement Role In Computing
 
Level1 Part7 Basic Investigations
Level1 Part7 Basic InvestigationsLevel1 Part7 Basic Investigations
Level1 Part7 Basic Investigations
 
K Ai
K AiK Ai
K Ai
 
July132000
July132000July132000
July132000
 
Investigative Team
Investigative TeamInvestigative Team
Investigative Team
 
Introduction To Unix
Introduction To UnixIntroduction To Unix
Introduction To Unix
 

Recently uploaded

Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Vista Forensics