SlideShare una empresa de Scribd logo

Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

Descargar como PPT, PDF
G
guest66dc5f
Economía y finanzasTecnología
1 de 44
Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
Agenda ,[object Object],[object Object],[object Object],[object Object]
A Quick CSI-FBI 2007 Survey Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSI Computer Crime and Security Survey ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CSI Computer Crime and Security Survey ,[object Object]
Computer Forensics – the laws ,[object Object],[object Object],[object Object]
Tip of the “Digital” Iceberg Data as seen by a casual observer using common tools (Explorer Window, cmd shell, web browser etc. ) Data as seen by Forensic Investigators using his sophisticated toolkit. May include deleted data, hidden data, unauthorized information and records of illegal activity!
Mining Windows XP
Windows XP – Market Share ,[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining NTFS Attributes ,[object Object]
Mining $logfile ,[object Object],[object Object],[object Object],[object Object],[object Object]
Mining NTFS timestamps ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Windows Registry ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Windows Registry ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Prefetch feature ,[object Object],[object Object],[object Object]
The Prefetch feature ,[object Object],[object Object],[object Object]
Mining Prefetch – wfa.exe
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Print Spooler Files ,[object Object],[object Object],[object Object],[object Object]
PA Spool Viewer – view .shd files Splview.exe - available at http:// undocprint.printassociates.com This tool allows you to view the metadata of the print job!
EMF Spool viewer – view .spl files ,[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining the Recycle bin ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Thumbs.db ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Event Logs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining event logs… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tracing Internet Activity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Internet Explorer ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining Mozilla Firefox ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining shortcut files ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining shortcut files… ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
10 Forensics avenues in Windows XP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The restore point feature ,[object Object],[object Object],[object Object],[object Object],[object Object]
The restore point feature ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Mining restore points ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Queries are welcome!

Recomendados

Stegano Forensics
Stegano ForensicsStegano Forensics
Stegano ForensicsChiawei Wang
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Chapter2
Chapter2Chapter2
Chapter2Pibi Lu
 
Web Browser Artifacts
Web Browser ArtifactsWeb Browser Artifacts
Web Browser Artifactsprimeteacher32
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Kerberos for Distributed System Security - Omal Perera
Kerberos for Distributed System Security - Omal PereraKerberos for Distributed System Security - Omal Perera
Kerberos for Distributed System Security - Omal PereraOmal Perera
 
Snort
SnortSnort
SnortMichael Boman
 

Recomendados

Stegano Forensics
Stegano ForensicsStegano Forensics
Stegano ForensicsChiawei Wang
 
Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3Windows 7 forensics event logs-dtl-r3
Windows 7 forensics event logs-dtl-r3CTIN
 
Chapter2
Chapter2Chapter2
Chapter2Pibi Lu
 
Web Browser Artifacts
Web Browser ArtifactsWeb Browser Artifacts
Web Browser Artifactsprimeteacher32
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisitionprimeteacher32
 
Kerberos for Distributed System Security - Omal Perera
Kerberos for Distributed System Security - Omal PereraKerberos for Distributed System Security - Omal Perera
Kerberos for Distributed System Security - Omal PereraOmal Perera
 
Snort
SnortSnort
SnortMichael Boman
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensicSANTANU KUMAR DAS
 
Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic ImagesCTIN
 
File Carving
File CarvingFile Carving
File CarvingAakarsh Raj
 
WS-Privacy,
WS-Privacy,WS-Privacy,
WS-Privacy,webhostingguy
 
DHCP and NIS
DHCP and NISDHCP and NIS
DHCP and NISSreenatha Reddy K R
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensicsTaha İslam YILMAZ
 
Using Wayback Machine for Research
Using Wayback Machine for ResearchUsing Wayback Machine for Research
Using Wayback Machine for Researchnullhandle
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensicsPrince Boonlia
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Shadow forensics print
Shadow forensics printShadow forensics print
Shadow forensics printn|u - The Open Security Community
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic PresentationMD. SHORIFUL ISLAM
 
An Introduction to Sysinternals
An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to SysinternalsRiyaz Walikar
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentestingn|u - The Open Security Community
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics toolSreekanth Narendran
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09gameaxt
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsNicholas Davis
 

Más contenido relacionado

La actualidad más candente

Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic ImagesCTIN
 
Using Wayback Machine for Research
Using Wayback Machine for ResearchUsing Wayback Machine for Research
Using Wayback Machine for Researchnullhandle
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsOldsun
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
An Introduction to Sysinternals
An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to SysinternalsRiyaz Walikar
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09gameaxt
 

La actualidad más candente (20)

Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
Accessing Forensic Images
Accessing Forensic ImagesAccessing Forensic Images
Accessing Forensic Images
 
File Carving
File CarvingFile Carving
File Carving
 
WS-Privacy,
WS-Privacy,WS-Privacy,
WS-Privacy,
 
DHCP and NIS
DHCP and NISDHCP and NIS
DHCP and NIS
 
Windows registry forensics
Windows registry forensicsWindows registry forensics
Windows registry forensics
 
Using Wayback Machine for Research
Using Wayback Machine for ResearchUsing Wayback Machine for Research
Using Wayback Machine for Research
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Registry forensics
Registry forensicsRegistry forensics
Registry forensics
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Shadow forensics print
Shadow forensics printShadow forensics print
Shadow forensics print
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
An Introduction to Sysinternals
An Introduction to SysinternalsAn Introduction to Sysinternals
An Introduction to Sysinternals
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Autopsy Digital forensics tool
Autopsy Digital forensics toolAutopsy Digital forensics tool
Autopsy Digital forensics tool
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissance
 
Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09Microsoft Offical Course 20410C_09
Microsoft Offical Course 20410C_09
 

Destacado

Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 yearsMehedi Hasan
 
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.seEdahn Small
 
Windows 10 in 10 Minutes
Windows 10 in 10 MinutesWindows 10 in 10 Minutes
Windows 10 in 10 MinutesHemant Prasad
 

Destacado (9)

Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
Alphorm.com Support de la Formation Windows 10 Troubleshootings partie 1
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
An introduction to Windows 10
An introduction to Windows 10 An introduction to Windows 10
An introduction to Windows 10
 
Windows 10
Windows 10Windows 10
Windows 10
 
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
10 Tips for Making Beautiful Slideshow Presentations by www.visuali.se
 
Windows 10 in 10 Minutes
Windows 10 in 10 MinutesWindows 10 in 10 Minutes
Windows 10 in 10 Minutes
 

Similar a Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009ClubHack
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationOlehLevytskyi1
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaCTIN
 
Vista Forensics
Vista ForensicsVista Forensics
Vista ForensicsCTIN
 
Lecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfLecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfssuserfd0132
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malwaretmugherini
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - publicSandro Suffert
 
Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Reality Net System Solutions
 
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011John Bambenek
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkKapil Soni
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the ArchiveGarethKnight
 
Operatingsystems
Operatingsystems Operatingsystems
Operatingsystems kuldeepy60
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfekobelasting
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfGnanavi2
 
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Kabul Kurniawan
 
Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry AnalysisHimanshu0734
 

Similar a Chetan-Mining_Digital_Evidence_in_Microsoft_Windows (20)

Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
Kush wadhwa _mining_digital_evidence_in_windows - ClubHack2009
 
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentationMacOS forensics and anti-forensics (DC Lviv 2019) presentation
MacOS forensics and anti-forensics (DC Lviv 2019) presentation
 
Msra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troylaMsra 2011 windows7 forensics-troyla
Msra 2011 windows7 forensics-troyla
 
Vista Forensics
Vista ForensicsVista Forensics
Vista Forensics
 
Lecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdfLecture-1-Windows-Artefacts.pdf
Lecture-1-Windows-Artefacts.pdf
 
Leveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of MalwareLeveraging NTFS Timeline Forensics during the Analysis of Malware
Leveraging NTFS Timeline Forensics during the Analysis of Malware
 
2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public2010 2013 sandro suffert memory forensics introdutory work shop - public
2010 2013 sandro suffert memory forensics introdutory work shop - public
 
Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets Discovering Windows Phone 8 Artifacts and Secrets
Discovering Windows Phone 8 Artifacts and Secrets
 
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
Cybercrime & Computer Forensics - ISBA Master Series CLE, Nov 18, 2011
 
Windows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility FrameworkWindows Registry Forensics with Volatility Framework
Windows Registry Forensics with Volatility Framework
 
Windows forensic
Windows forensicWindows forensic
Windows forensic
 
Operating systems
Operating systemsOperating systems
Operating systems
 
Digital Forensics in the Archive
Digital Forensics in the ArchiveDigital Forensics in the Archive
Digital Forensics in the Archive
 
Operatingsystems
Operatingsystems Operatingsystems
Operatingsystems
 
AntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdfAntiForensics - Leveraging OS and File System Artifacts.pdf
AntiForensics - Leveraging OS and File System Artifacts.pdf
 
computerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdfcomputerforensics-140529094816-phpapp01 (1).pdf
computerforensics-140529094816-phpapp01 (1).pdf
 
File000173
File000173File000173
File000173
 
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
Cross-Platform File System Activity Monitoring and Forensics - A Semantic App...
 
INT 1010 04-3.pdf
INT 1010 04-3.pdfINT 1010 04-3.pdf
INT 1010 04-3.pdf
 
Windows Registry Analysis
Windows Registry AnalysisWindows Registry Analysis
Windows Registry Analysis
 

Más de guest66dc5f

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Originalguest66dc5f
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhoneguest66dc5f
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collectionguest66dc5f
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number platesguest66dc5f
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefoxguest66dc5f
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Codeguest66dc5f
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Lawguest66dc5f
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsguest66dc5f
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2guest66dc5f
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toasterguest66dc5f
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniquesguest66dc5f
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flawsguest66dc5f
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07guest66dc5f
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002guest66dc5f
 

Más de guest66dc5f (20)

Os Timed Original
Os Timed OriginalOs Timed Original
Os Timed Original
 
Control your entire house with your iPhone
Control your entire house with your iPhoneControl your entire house with your iPhone
Control your entire house with your iPhone
 
Awesome car collection
Awesome car collectionAwesome car collection
Awesome car collection
 
Freaky car number plates
Freaky car number platesFreaky car number plates
Freaky car number plates
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Sunil-Hacking_firefox
Sunil-Hacking_firefoxSunil-Hacking_firefox
Sunil-Hacking_firefox
 
Rahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_CodeRahul-Analysis_of_Adversarial_Code
Rahul-Analysis_of_Adversarial_Code
 
WHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_LawWHITEPAPER-7_years_of_Indian_Cyber_Law
WHITEPAPER-7_years_of_Indian_Cyber_Law
 
Rohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_lawsRohas-7_years_of_indian_cyber_laws
Rohas-7_years_of_indian_cyber_laws
 
David-FPGA
David-FPGADavid-FPGA
David-FPGA
 
Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2Shreeraj-Hacking_Web_2
Shreeraj-Hacking_Web_2
 
Dror-Crazy_toaster
Dror-Crazy_toasterDror-Crazy_toaster
Dror-Crazy_toaster
 
Ajit-Legiment_Techniques
Ajit-Legiment_TechniquesAjit-Legiment_Techniques
Ajit-Legiment_Techniques
 
Varun-Subtle_Security_flaws
Varun-Subtle_Security_flawsVarun-Subtle_Security_flaws
Varun-Subtle_Security_flaws
 
CostofWarinIraq
CostofWarinIraqCostofWarinIraq
CostofWarinIraq
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
NR-golf-sept07
NR-golf-sept07NR-golf-sept07
NR-golf-sept07
 
golf
golfgolf
golf
 
longisland_golf_07
longisland_golf_07longisland_golf_07
longisland_golf_07
 
GolfLakeCity_002
GolfLakeCity_002GolfLakeCity_002
GolfLakeCity_002
 

Último

The AES Investment Code - the go-to counsel for the most well-informed, wise...
The AES Investment Code - the go-to counsel for the most well-informed, wise...The AES Investment Code - the go-to counsel for the most well-informed, wise...
The AES Investment Code - the go-to counsel for the most well-informed, wise...AES International
 
PMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaPMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaDharmendra Kumar
 
Financial Preparation for Millennia.pptx
Financial Preparation for Millennia.pptxFinancial Preparation for Millennia.pptx
Financial Preparation for Millennia.pptxsimon978302
 
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...Amil baba
 
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.ppt
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.pptAnyConv.com__FSS Advance Retail & Distribution - 15.06.17.ppt
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.pptPriyankaSharma89719
 
Stock Market Brief Deck FOR 4/17 video.pdf
Stock Market Brief Deck FOR 4/17 video.pdfStock Market Brief Deck FOR 4/17 video.pdf
Stock Market Brief Deck FOR 4/17 video.pdfMichael Silva
 
Financial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.pptFinancial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.ppttadegebreyesus
 
Kempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdfKempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdfHenry Tapper
 
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...Amil baba
 
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...Amil baba
 
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书rnrncn29
 
2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGeckoCoinGecko
 
Gender and caste discrimination in india
Gender and caste discrimination in indiaGender and caste discrimination in india
Gender and caste discrimination in indiavandanasingh01072003
 
Unit 4.1 financial markets operations .pdf
Unit 4.1 financial markets operations .pdfUnit 4.1 financial markets operations .pdf
Unit 4.1 financial markets operations .pdfSatyamSinghParihar2
 
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...beulahfernandes8
 
Unveiling Business Expansion Trends in 2024
Unveiling Business Expansion Trends in 2024Unveiling Business Expansion Trends in 2024
Unveiling Business Expansion Trends in 2024Champak Jhagmag
 
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...Amil baba
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...Amil baba
 
Liquidity Decisions in Financial management
Liquidity Decisions in Financial managementLiquidity Decisions in Financial management
Liquidity Decisions in Financial managementshrutisingh143670
 

Último (20)

The AES Investment Code - the go-to counsel for the most well-informed, wise...
The AES Investment Code - the go-to counsel for the most well-informed, wise...The AES Investment Code - the go-to counsel for the most well-informed, wise...
The AES Investment Code - the go-to counsel for the most well-informed, wise...
 
PMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaPMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojna
 
Financial Preparation for Millennia.pptx
Financial Preparation for Millennia.pptxFinancial Preparation for Millennia.pptx
Financial Preparation for Millennia.pptx
 
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...
NO1 Certified Black Magic Removal in Uk kala jadu Specialist kala jadu for Lo...
 
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.ppt
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.pptAnyConv.com__FSS Advance Retail & Distribution - 15.06.17.ppt
AnyConv.com__FSS Advance Retail & Distribution - 15.06.17.ppt
 
Stock Market Brief Deck FOR 4/17 video.pdf
Stock Market Brief Deck FOR 4/17 video.pdfStock Market Brief Deck FOR 4/17 video.pdf
Stock Market Brief Deck FOR 4/17 video.pdf
 
Financial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.pptFinancial analysis on Risk and Return.ppt
Financial analysis on Risk and Return.ppt
 
Kempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdfKempen ' UK DB Endgame Paper Apr 24 final3.pdf
Kempen ' UK DB Endgame Paper Apr 24 final3.pdf
 
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...
Uae-NO1 Kala Jadu specialist Expert in Pakistan kala ilam specialist Expert i...
 
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
NO1 Certified kala jadu karne wale ka contact number kala jadu karne wale bab...
 
Q1 2024 Newsletter | Financial Synergies Wealth Advisors
Q1 2024 Newsletter | Financial Synergies Wealth AdvisorsQ1 2024 Newsletter | Financial Synergies Wealth Advisors
Q1 2024 Newsletter | Financial Synergies Wealth Advisors
 
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书
『澳洲文凭』买科廷大学毕业证书成绩单办理澳洲Curtin文凭学位证书
 
2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko2024 Q1 Crypto Industry Report | CoinGecko
2024 Q1 Crypto Industry Report | CoinGecko
 
Gender and caste discrimination in india
Gender and caste discrimination in indiaGender and caste discrimination in india
Gender and caste discrimination in india
 
Unit 4.1 financial markets operations .pdf
Unit 4.1 financial markets operations .pdfUnit 4.1 financial markets operations .pdf
Unit 4.1 financial markets operations .pdf
 
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
Unveiling Poonawalla Fincorp’s Phenomenal Performance Under Abhay Bhutada’s L...
 
Unveiling Business Expansion Trends in 2024
Unveiling Business Expansion Trends in 2024Unveiling Business Expansion Trends in 2024
Unveiling Business Expansion Trends in 2024
 
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...
Uae-NO1 Rohani Amil In Islamabad Amil Baba in Rawalpindi Kala Jadu Amil In Ra...
 
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
NO1 Certified Black Magic Specialist Expert In Bahawalpur, Sargodha, Sialkot,...
 
Liquidity Decisions in Financial management
Liquidity Decisions in Financial managementLiquidity Decisions in Financial management
Liquidity Decisions in Financial management
 

Chetan-Mining_Digital_Evidence_in_Microsoft_Windows

  • 1. Mining Digital Evidence in Microsoft Windows – Answering Who, When, Why and How?
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7. Tip of the “Digital” Iceberg Data as seen by a casual observer using common tools (Explorer Window, cmd shell, web browser etc. ) Data as seen by Forensic Investigators using his sophisticated toolkit. May include deleted data, hidden data, unauthorized information and records of illegal activity!
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 22.
  • 23.
  • 24. PA Spool Viewer – view .shd files Splview.exe - available at http:// undocprint.printassociates.com This tool allows you to view the metadata of the print job!
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.