Friday, November 28, 2014

Forensic Lunch 11/28/14 - Thanksgiving Hangover edition

Hello Reader,
We had a pretty great Forensic Lunch today. We only had one guest but we had enough to talk about to fill the hour and probably another hour in the future.

This week we had Eric Zimmerman, @ericrzimmerman, talking about Shellbags, his tool Shellbag explorer and our research into new things we can determine from them.

We discussed:
  • How shellbags are stored
  • How they are ordered
  • How to manually validate them
  • How to use Eric's tool to visualize them
  • How to determine what file system is being accessed
  • Recovering FTP accesses
  • and much more!

You can download Shellbag Explorer (It's Free!) here: https://www.dropbox.com/s/lw9d0zrzqcr...

You can watch the lunch on Youtube here: https://www.youtube.com/watch?v=7dZICx3PV-Q





Or right below: