Prefetch Deep Dive
This is the premiere of a new 13Cubed series called Deep Dives. In this episode, we'll take an in-depth look at one of the most important Windows "evidence of execution" artifacts. The following topics will be covered: An Introduction to Prefetch; Prefetch Location and File Naming Convention; Prefetch Hash Computation and Exceptions to the Rule; Prefetch File Analysis via MACB Timestamps; Parsing Prefetch Files via PECmd; and Extracting Prefetch Data from Memory.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Prefetch Explorer (PECmd):
https://ericzimmerman.github.io/
Prefetch Hashes:
http://www.hexacorn.com/blog/2012/06/13/prefetch-hash-calculator-a-hash-lookup-table-xpvistaw7w2k3w2k8/
Prefetch Anti-Forensics:
http://www.hexacorn.com/blog/2012/03/16/the-shortest-anti-forensics-code-in-the-world-take-2/
Volatility:
https://github.com/volatilityfoundation/volatility
Volatility prefetchparser Plugin:
https://github.com/superponible/volatility-plugins
Open Source Implementations of Microsoft Compression Algorithms:
https://github.com/coderforlife/ms-compress
Background Music Courtesy of Anders Enger Jensen:
https://www.youtube.com/user/HariboOSX
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Видео Prefetch Deep Dive канала 13Cubed
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Prefetch Explorer (PECmd):
https://ericzimmerman.github.io/
Prefetch Hashes:
http://www.hexacorn.com/blog/2012/06/13/prefetch-hash-calculator-a-hash-lookup-table-xpvistaw7w2k3w2k8/
Prefetch Anti-Forensics:
http://www.hexacorn.com/blog/2012/03/16/the-shortest-anti-forensics-code-in-the-world-take-2/
Volatility:
https://github.com/volatilityfoundation/volatility
Volatility prefetchparser Plugin:
https://github.com/superponible/volatility-plugins
Open Source Implementations of Microsoft Compression Algorithms:
https://github.com/coderforlife/ms-compress
Background Music Courtesy of Anders Enger Jensen:
https://www.youtube.com/user/HariboOSX
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Видео Prefetch Deep Dive канала 13Cubed
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Let's Talk About Shimcache - The Most Misunderstood Artifact
DFIR Home Labs
RDP Event Log Forensics
Linux Memory Forensics - Memory Capture and Analysis![PHILIPPINES GREATEST PROPHECY [PHILIPPINES IS NEXT TO ISRAEL]](https://i.ytimg.com/vi/Vl8w7Zyusfc/default.jpg)
PHILIPPINES GREATEST PROPHECY [PHILIPPINES IS NEXT TO ISRAEL]
Recycle Bin Forensics
What's In .DS Store for You? - macOS Forensics
Windows MACB Timestamps (NTFS Forensics)
Event Log Chainsaw Massacre - Powerful Threat Detection
Let's Talk About NTFS Index Attributes
CVEs in Windows Event Logs? What You Need to Know
Introduction to Plaso Heimdall
The ABCs of WMI - Finding Evil in Plain Sight
Learning the Linux File System
Introduction to MFTECmd - NTFS MFT and Journal Forensics
Persistence Mechanisms
Detecting NTDS.DIT Theft - ESENT Event Logs
Introduction to iLEAPP - iOS Forensics Made Easy
Windows Process Genealogy