Top Ad unit 728 × 90

Latest News

random

Daily Blog #495: Forensic Lunch Test Kitchen 10/2/18

Hello Reader,
          Another night, another test kitchen. Tonight we continued our ObjectID testing and research to see if sequence numbers would reliably increment on reboots allowing us to find evidence of changes to the system clock and in what actual order files were created (windows 10) or opened (all other windows). Here is the summary of what we learned:


  • Sequence numbers are set in the Software registry under SOFTWARE\Microsoft\RPC\UUIDSequenceNumber
  • Windows.old backups now appear to include the users directory and are deleted after a week by a scheduled task
  • Sequence numbers will increment on each reboot, irregardless of timeset
  • Sequence numbers can jump and then settle back on the original sequence, working to understand how and why

You can watch the broadcast here:

Daily Blog #495: Forensic Lunch Test Kitchen 10/2/18 Reviewed by David Cowen on October 02, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.