Hello Reader,
If you watched the Forensic Lunch yesterday you would have heard Matthew and I talking about developing tools for DFIR. Let's see how well you can quickly research and determine what artifacts you may be missing.
The Prize:
The Prize:
$200 Amazon Giftcard
The Rules:
- You must post your answer before Monday 6/9/14 7PM CST (GMT -5)
- The most complete answer wins
- You are allowed to edit your answer after posting
- If two answers are too similar for one to win, the one with the earlier posting time wins
- Be specific and be thoughtful
- Anonymous entries are allowed, please email them to dcowen@g-cpartners.com. Please state in your email if you would like to be anonymous or not if you win.
- In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post
The Challenge:
Other than USBStor, EMDMgmt, MountedDevices, MountPoints2 and DeviceClasses registry keys how many other locations, registry or otherwise, on a Windows 7 system can you find timestamps of an external storage device being attached.
Also Read: Daily Blog #349
Post a Comment