Загрузка страницы
Все видеоНовые видеоПопулярные видеоКатегории видео

Let's Talk About Shimcache - The Most Misunderstood Artifact

In this episode, we'll take an in-depth look at Windows Shimcache (aka AppCompatCache, or "Application Compatibility Cache"). In my experience, this is the most misunderstood Windows forensic artifact. Let's clear up the confusion by reviewing the artiFACTS. Then, we'll jump into a demo and see all of this in action over the course of several reboots.

*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***

📖 Chapters

00:00 - Intro
08:01 - Demo
09:05 - Demo (Reboot #1)
11:58 - Demo (Reboot #2)
14:27 - Demo (Reboot #3)
16:35 - Demo (Reboot #4)
18:31 - Demo (Reboot #5) and Conclusion

🛠 Resources

Eric Zimmerman Tools:
https://ericzimmerman.github.io/

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics

Видео Let's Talk About Shimcache - The Most Misunderstood Artifact канала 13Cubed
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
19 июля 2021 г. 16:55:38
00:21:51
13Cubed
Теги
Правообладателям
Жалоба
Комментарии
Другие видео канала
Prefetch Deep DivePrefetch Deep DiveThe ABCs of WMI - Finding Evil in Plain SightThe ABCs of WMI - Finding Evil in Plain SightThe Coolest System32 Programs You've Probably Never Heard OfThe Coolest System32 Programs You've Probably Never Heard OfAmCache Investigation - SANS Digital Forensics & Incident Response Summit 2019AmCache Investigation - SANS Digital Forensics & Incident Response Summit 2019RDP Event Log ForensicsRDP Event Log ForensicsHow does HTTPS work? What's a CA? What's a self-signed Certificate?How does HTTPS work? What's a CA? What's a self-signed Certificate?SymLinks: The Hidden "SUPER Shortcut" Feature in WindowsSymLinks: The Hidden "SUPER Shortcut" Feature in WindowsEvent Log Chainsaw Massacre - Powerful Threat DetectionEvent Log Chainsaw Massacre - Powerful Threat DetectionLet's Talk About NTFS Index AttributesLet's Talk About NTFS Index AttributesPersistence MechanismsPersistence MechanismsPuzzling RDP Cache - Putting the Pieces TogetherPuzzling RDP Cache - Putting the Pieces TogetherDLL Injection (and more!) via Application Shimming (Persistence & Defence Evasion)DLL Injection (and more!) via Application Shimming (Persistence & Defence Evasion)Linux Memory Forensics - Memory Capture and AnalysisLinux Memory Forensics - Memory Capture and AnalysisShellbag ForensicsShellbag ForensicsRecycle Bin ForensicsRecycle Bin ForensicsDetecting NTDS.DIT Theft - ESENT Event LogsDetecting NTDS.DIT Theft - ESENT Event LogsIntroduction to iLEAPP - iOS Forensics Made EasyIntroduction to iLEAPP - iOS Forensics Made EasyIntroduction to MFTECmd - NTFS MFT and Journal ForensicsIntroduction to MFTECmd - NTFS MFT and Journal ForensicsUser Access Logging (UAL) ForensicsUser Access Logging (UAL) Forensics
Статистика портала
Яндекс.Метрика
© 2008-2024 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения
salda.ws salda.ws@mail.ru
Сейчас на сайте: 512 Статистика портала