Thursday, March 26, 2009

Finding out what programs have been run and when in Computer Forensic Analysis

David Cowen, a Computer Forensic Expert Witness, recently posted part 2 of a blog series he is completing on his blog, hackingexposedcomputerforensicsblog.

I really enjoyed the recent post called "What did they take when they left? Part 2 – Finding out what they ran before they left".

It covers link files, prefetch and UserAssist keys in detail and is really good information to know as a wannabe Computer Forensic Analyst. If you are interested in computer forensics, I would really recommend that you read this recent post. It is very detailed and specific and has a lot of useful information in one place.

I eagerly await his Part 3, "Where did it go and what did they take?"

On a related note, I have used Windows File Analyzer myself in the past to study prefetch files and found it really interesting what you can learn. Once I have completed moving house, I will do a blog post about the use of this tool and what you can learn from it, and show some examples. I hope to cover some use of link files as well, and possibly UserAssist keys.

Back to box packing for me..
