Sniper Forensics V2.0 Target Acquisition - SANS - SANS Institute

More documents

Recommendations

Info

Conclusion Go after ONLY the data you need to go after Be consistent in your approach to each case Build a methodology that works for you and follow it Consistency builds efficiency and accuracy You can do multiple things at once There is a LOT than can be done while images are burning Become familiar with the command line Learn the switches for grep, gawk, and cut Learn how to stack commands Copyright Trustwave 2010 Confidential
Conclusion Take good notes Good case notes will literally write your final report for you Keeps you from forgetting what you did three days ago important Registry hives NTUSER.dat Timelines $MFT Event Logs wastin! Copyright Trustwave 2010 Confidential
Page 1 and 2:
Sniper Forensics V2.0 Target Acquis
Page 3 and 4: Thank You Dan Christensen! Copyrigh
Page 5 and 6: TheDigitalStandard.Blogspot.com Cop
Page 7 and 8: The Evolution of: Sniper Forensics
Page 9 and 10: Sniper Forensics V3.0: Black Ops U
Page 11 and 12: - Jibran Ilyas - Senior Security Co
Page 13 and 14: and slaps him right in the face! He
Page 15 and 16: Target Acquisition What do I d
Page 17 and 18: Target Acquisition How do I snipe i
Page 19 and 20: Target Acquisition FTK Imager v3.00
Page 21 and 22: Target Acquisition Rinse, Repeat, R
Page 23 and 24: Trigger Squeeze RegRipper, or TSK)
Page 25 and 26: Trigger Squeeze Super Timelines (Th
Page 27 and 28: Trigger Squeeze Rip the $MFT I use
Page 29 and 30: Rounds Down Range Know how to stack
Page 31 and 32: Analysis String search in timeline
Page 33 and 34: Analysis Analyzing RAM dumps is a g
Page 35 and 36: Analysis Copyright Trustwave 2010
Page 37 and 38: Copyright Trustwave 2010 Confidenti
Page 39 and 40: Copyright Trustwave 2010 Confidenti
Page 41 and 42: While the $S_I can be accessed by b
Page 43 and 44: All Your Config Files are Belong to
Page 49 and 50: Seriously, at Least Try! Copyright
Page 51 and 52: Seriously, at Least Try! TypedURLs
Page 53: Seriously, at Least Try! Not shown:
show all

Sniper Forensics V2.0 Target Acquisition - SANS - SANS Institute

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?