Загрузка страницы
Все видеоНовые видеоПопулярные видеоКатегории видео

The Volume Shadow Knows

As a continuation of the "Introduction to Windows Forensics" series, this episode covers Volume Shadows and how they can be a forensic goldmine for the investigator. We'll first look at the basics of the technology, and then we'll revisit a concept from an earlier 13Cubed episode and look at two different ways to mount Volume Shadow Copies on a live Windows system. Then, we'll look at how we can mount and interact with these artifacts from a disk image via the "libvshadow" library and its associated utilities.

*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***

VSCMount:
https://ericzimmerman.github.io/

SANS SIFT Workstation:
https://github.com/sans-dfir/sift-cli

Background Music Courtesy of Anders Enger Jensen:
https://www.youtube.com/user/HariboOSX

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics

Видео The Volume Shadow Knows канала 13Cubed
Показать
Комментарии отсутствуют
Введите заголовок:

Введите адрес ссылки:

Введите адрес видео с YouTube:

Зарегистрируйтесь или войдите с
Информация о видео
6 мая 2019 г. 15:59:40
00:14:48
13Cubed
Теги
Правообладателям
Жалоба
Комментарии
Другие видео канала
First Look at Volatility 3 Public BetaFirst Look at Volatility 3 Public BetaNew Course! Investigating Linux DevicesNew Course! Investigating Linux DevicesIntroduction to MFTECmd - NTFS MFT and Journal ForensicsIntroduction to MFTECmd - NTFS MFT and Journal ForensicsIntroduction to Plaso HeimdallIntroduction to Plaso HeimdallVMware Memory Forensics - Don't Miss This Important Detail!VMware Memory Forensics - Don't Miss This Important Detail!An Important Change to ShellBags - Windows 11 2023 Update!An Important Change to ShellBags - Windows 11 2023 Update!Introduction to iLEAPP - iOS Forensics Made EasyIntroduction to iLEAPP - iOS Forensics Made EasyWindows MACB Timestamps (NTFS Forensics)Windows MACB Timestamps (NTFS Forensics)Secret Office 365 Activities APISecret Office 365 Activities APIRDP Authentication vs. AuthorizationRDP Authentication vs. AuthorizationChannel Update and SurveyChannel Update and SurveyYour Signature Is a JARYour Signature Is a JARRDP Hashes - Event ID 1029 ExplainedRDP Hashes - Event ID 1029 ExplainedWindows Process Genealogy - UpdateWindows Process Genealogy - UpdateDFIR Home Labs - Storage ReviewDFIR Home Labs - Storage ReviewProfiling Network Activity with Volatility 3 - GeoIP from MemoryProfiling Network Activity with Volatility 3 - GeoIP from MemoryVisual Analysis with ProcDOTVisual Analysis with ProcDOTWhere's the 4624? - Logon Events vs. Account LogonsWhere's the 4624? - Logon Events vs. Account LogonsLet's Talk About MUICacheLet's Talk About MUICacheUser Access Logging (UAL) ForensicsUser Access Logging (UAL) ForensicsTwo Thumbs Up - Thumbnail ForensicsTwo Thumbs Up - Thumbnail Forensics
Статистика портала
Яндекс.Метрика
© 2008-2024 «Информационно-развлекательный портал города Верхняя Салда»
| Карта портала | Реклама | Контакты | Сообщить об ошибке | Соглашения
salda.ws salda.ws@mail.ru
Сейчас на сайте: 512 Статистика портала