Let's Talk About Shimcache - The Most Misunderstood Artifact
In this episode, we'll take an in-depth look at Windows Shimcache (aka AppCompatCache, or "Application Compatibility Cache"). In my experience, this is the most misunderstood Windows forensic artifact. Two points cause most of the confusion: the timestamp stored with each entry is the executable's last-modified time taken from the file system, not a time of execution, and on Windows 10 an entry by itself does not prove the file ever ran. The in-memory cache is also written to the SYSTEM hive (Control\Session Manager\AppCompatCache) only at shutdown or reboot, so what is on disk lags what the running system has seen. Let's clear up the confusion by reviewing the artiFACTS. Then, we'll jump into a demo and see all of this in action over the course of several reboots.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
08:01 - Demo
09:05 - Demo (Reboot #1)
11:58 - Demo (Reboot #2)
14:27 - Demo (Reboot #3)
16:35 - Demo (Reboot #4)
18:31 - Demo (Reboot #5) and Conclusion
🛠 Resources
Eric Zimmerman Tools:
https://ericzimmerman.github.io/
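As an added example (not code from the 13Cubed video, and not Eric Zimmerman's AppCompatCacheParser, which is the tool you would normally reach for), the following Python parses the Windows 10 "10ts" layout of the AppCompatCache registry value. It assumes the header is 0x34 bytes with the header size in the first DWORD, and each entry is signature, four unknown bytes, entry size, UTF-16LE path, FILETIME and a data blob. The sample cache it parses is constructed inline, not captured from a real system. The point it illustrates is the one in the description: the timestamp is the file's modification time, entry order reflects cache insertion, and no field in the Windows 10 format records execution.

```python
"""Minimal parser for the Windows 10 AppCompatCache ("Shimcache") binary value.

Added example, not code from the 13Cubed video or from Eric Zimmerman's
AppCompatCacheParser. Assumes the Windows 10 (1607 and later) layout:

  header : DWORD at offset 0 = header size (0x34); entries start at that offset
  entry  : "10ts" | 4 bytes unknown | DWORD entry size | WORD path length |
           UTF-16LE path | FILETIME last-modified | DWORD data size | data

The value itself lives in the SYSTEM hive at
ControlSet00X\\Control\\Session Manager\\AppCompatCache\\AppCompatCache.
"""
import struct
from datetime import datetime, timedelta, timezone

SIGNATURE = b"10ts"
HEADER_SIZE = 0x34
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Integer arithmetic only, so the round trip is exact."""
    delta = dt - EPOCH_1601
    microseconds = (delta.days * 86400 + delta.seconds) * 10**6 + delta.microseconds
    return microseconds * 10


def parse_appcompatcache(blob: bytes) -> list:
    """Walk the cache in stored order; index 0 is the most recently inserted or
    updated entry. Note what is NOT here: the Windows 10 format carries no
    execution flag, so an entry shows the path was seen, not that it ran, and
    the timestamp is the file's last-modified time, not an execution time."""
    (header_size,) = struct.unpack_from("<I", blob, 0)
    if header_size not in (0x30, 0x34):
        raise ValueError(f"header size 0x{header_size:x}: not a Windows 10 cache?")
    entries = []
    offset = header_size
    while offset < len(blob):
        signature = blob[offset:offset + 4]
        if signature != SIGNATURE:
            raise ValueError(f"bad entry signature {signature!r} at offset {offset}")
        (entry_size,) = struct.unpack_from("<I", blob, offset + 8)
        body = blob[offset + 12:offset + 12 + entry_size]
        (path_length,) = struct.unpack_from("<H", body, 0)
        path = body[2:2 + path_length].decode("utf-16-le")
        pos = 2 + path_length
        (filetime,) = struct.unpack_from("<Q", body, pos)
        pos += 8
        (data_size,) = struct.unpack_from("<I", body, pos)
        pos += 4
        entries.append({
            "position": len(entries),
            "path": path,
            "last_modified_utc": filetime_to_datetime(filetime),
            "data": body[pos:pos + data_size],
        })
        offset += 12 + entry_size
    return entries


def build_entry(path: str, last_modified: datetime, data: bytes = b"") -> bytes:
    """Serialise one "10ts" entry (used only to construct the sample below)."""
    encoded = path.encode("utf-16-le")
    body = struct.pack("<H", len(encoded)) + encoded
    body += struct.pack("<Q", datetime_to_filetime(last_modified))
    body += struct.pack("<I", len(data)) + data
    return SIGNATURE + b"\x00" * 4 + struct.pack("<I", len(body)) + body


def build_cache(entries) -> bytes:
    header = struct.pack("<I", HEADER_SIZE) + b"\x00" * (HEADER_SIZE - 4)
    return header + b"".join(build_entry(*entry) for entry in entries)


# Constructed sample, not data from a real system. The entry at position 0 is
# the most recent insertion even though its timestamp is the oldest: the
# timestamp comes from the file, not from when the cache entry was created.
SAMPLE_CACHE = build_cache([
    (r"C:\Users\Public\Downloads\invoice.exe", datetime(2019, 3, 14, 9, 26, 53, tzinfo=timezone.utc)),
    (r"C:\Windows\System32\notepad.exe", datetime(2023, 10, 5, 17, 2, 11, tzinfo=timezone.utc)),
    (r"C:\Windows\System32\cmd.exe", datetime(2023, 10, 5, 17, 2, 9, tzinfo=timezone.utc), b"\x01\x00"),
])


if __name__ == "__main__":
    for entry in parse_appcompatcache(SAMPLE_CACHE):
        print(f'{entry["position"]:>4}  {entry["last_modified_utc"]:%Y-%m-%d %H:%M:%S}  {entry["path"]}')
```

To run this against a real system, export the value with `reg export` or pull the SYSTEM hive from a shutdown image and feed the raw `AppCompatCache` bytes to `parse_appcompatcache`; a live registry read will show the state from the last shutdown, not the current in-memory cache, which is exactly what the reboot sequence in the demo walks through.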
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Video "Let's Talk About Shimcache - The Most Misunderstood Artifact" from the 13Cubed channel