Hello Reader,
Tonight I did a bit of an experimental stream. I loaded the current first chapter draft of the new book and its proposed outline and talked through with those watching what I was planning to do. Thanks to Hooligan Goto for helping me out as I tried to figure out what my outline was missing.
I'm excited to work on this new project, as well as all the other projects I'm working on, because all of them will continue to force me to learn, write and contribute going forward for the long term.
Here is the new outline:
Windows Forensic Fundamentals
    Why this data exists
    How to form your hypothesis
    Building a test bed
    Writing Python code for DFIR
Disk Structures
    MBR
    GPT
    EFI
    Full Disk Encryption
    RAIDs
File Systems
    NTFS
    FAT32
    exFAT
    ReFS
Extended Windows File System Concepts
    Shadow Copies
    Symlinks, Hardlinks, Reparse Points
    TxF, TxR
    Single Instance Storage
    Event Tracing Logs
    Event Logs
Registry
    Registry Fundamentals
    Registry Transaction Logs
    Recovering deleted data within Registries
    Accessing Registries with YARP
User Activity
    Registry Data
        UserAssist
        Typed Paths
        Cortana Search
        RecentApps
    File Access
        ObjectIDs
        LNK Files
        Jumplists
        Shellbags
        Registry data
    Device Access
        Driver install process
        Registry data
        Driver install logs
        GUIDs and meanings
        Event Logs
        ETLs
    Program Execution
        Application Compatibility Caching
            Shimcache
            Amcache
        Application Prefetching
        Application Superfetching
        User application tracking
        ETLs
        Event Logs
    Network Access
        RDP
        Network Shares
        TeamViewer
        Event Logs
    Network Connectivity
        Network connections
        Network drivers
        ETLs
        Event Logs
Browser Forensics
    Chrome
    IE
    Firefox
Cloud Hosted
    Webmail
        Gmail, Outlook
    Cloud Storage
        Google Drive, Dropbox
Email Forensics
    Outlook
    OWA
System Logging
    Event Logs
    Event Tracing Logs
    System Monitoring
    Journal Analysis
    SRUM
Anti-Forensics
    Wipers
    Cleaners
VM Forensics
    VMware Workstation
        VMDKs
        VMEMs
    VirtualBox
    Hyper-V
Here is the video if you want to watch it: