Prefetch Deep Dive
This is the premiere of a new 13Cubed series called Deep Dives. In this episode, we'll take an in-depth look at one of the most important Windows "evidence of execution" artifacts. The following topics will be covered: An Introduction to Prefetch; Prefetch Location and File Naming Convention; Prefetch Hash Computation and Exceptions to the Rule; Prefetch File Analysis via MACB Timestamps; Parsing Prefetch Files via PECmd; and Extracting Prefetch Data from Memory.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Prefetch Explorer (PECmd):
https://ericzimmerman.github.io/
Prefetch Hashes:
http://www.hexacorn.com/blog/2012/06/13/prefetch-hash-calculator-a-hash-lookup-table-xpvistaw7w2k3w2k8/
Prefetch Anti-Forensics:
http://www.hexacorn.com/blog/2012/03/16/the-shortest-anti-forensics-code-in-the-world-take-2/
Volatility:
https://github.com/volatilityfoundation/volatility
Volatility prefetchparser Plugin:
https://github.com/superponible/volatility-plugins
Open Source Implementations of Microsoft Compression Algorithms:
https://github.com/coderforlife/ms-compress
Background Music Courtesy of Anders Enger Jensen:
https://www.youtube.com/user/HariboOSX
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Video "Prefetch Deep Dive" from the 13Cubed channel