Daily Blog #555: Sunday Funday 12/2/18 - Shims Challenge

Shims Challenge by David Cowen - Hacking Exposed Computer Forensics Blog



Hello Reader,
We've had some great research come out of working together. This week's challenge is less about trying something new and more about understanding what we already know.

The Prize:

$100 Amazon Giftcard

The Rules:

  1. You must post your answer before Friday 12/7/18 7PM CST (GMT -5)
  2. The most complete answer wins
  3. You are allowed to edit your answer after posting
  4. If two answers are too similar for one to win, the one with the earlier posting time wins
  5. Be specific and be thoughtful
  6. Anonymous entries are allowed; please email them to dcowen@g-cpartners.com. Please state in your email whether you would like to remain anonymous if you win.
  7. In order for an anonymous winner to receive a prize, they must give their name to me, but I will not release it in a blog post


The Challenge:

Document the order in which the following shims are executed and their data is written in Windows 10:
  • Prefetch
  • Shimcache
  • Amcache
  • Userassist
  • SRUM
List the time stamps associated with the entry creation and whatever else you can determine about the order they are called.
