DFIR - Windows Forensics - Part 1

In this DFIR exercise on LetsDefend, we are supplied with an AD1 file to mount with FTK Imager, then use Eric Zimmerman's tools to analyze and investigate it, with 10 questions to answer!
Due to length and issues around Q4, I have decided to make this a 2 part-er (hopefully just a 2 part-er!)
*Make sure to use FTK Imager 4.7.1.2+ to mount the AD1 file
MD5: 5707aa9987086320e214b7b5cd1334e4
SHA-1: 605301a3dc6e4a27e7cbd1092eb3daf253604aef
SHA-256: 743665e2a1836451ce851eef6b1841cd668e15f867d84dcefdd8636959373c99