Setting up a lab to practice Windows Forensics
🎓 MCSI Certified DFIR Specialist 🎓
🧪 Build your own Digital Forensics lab at Home! 🧪
#️⃣ ✔️ Hashing for Data Integrity ✔️ #️⃣
💻🔎 MCSI Digital Forensics Library 🔎💻
A Windows forensics lab is a dedicated, isolated environment for acquiring and examining evidence from Windows systems, whether the case is a potential crime or an internal security incident. Working in a dedicated space lets investigators control the environment (network isolation, known-good tooling, virtual machine snapshots that can be rolled back) and avoid contaminating evidence, and it gives them access to the specialised hardware and software needed to examine digital evidence. A well-equipped and organised Windows forensics lab is a vital asset for any investigation.
In this video, we will discuss the requirements for building a Windows forensics lab and provide a list of key considerations to keep in mind when planning your space.
This video will also provide practical examples of tools and techniques to get you started in your Windows lab environment. This includes:
🛠 Windows Event Logs:
Windows event logs are a primary source of information for reconstructing what happened on a system: troubleshooting, tracking configuration changes, and tracing user and attacker activity. They can be viewed in Event Viewer, which groups the channels into two trees: Windows Logs (Application, Security, Setup, System and Forwarded Events) and Applications and Services Logs (per-component channels such as PowerShell, TaskScheduler and, once installed, Sysmon). Each channel records different information. The System log holds service and driver events and boot/shutdown markers (the Event Log service logs 6005 when it starts and 6006 when it stops cleanly); the Security log holds logon successes (4624) and failures (4625), account management and privilege use, but only for the categories the local audit policy enables. Each channel is stored as an .evtx file in C:\Windows\System32\winevt\Logs; when acquiring evidence, copy these files as a set and hash them before analysis, because they can be opened offline on a lab machine exactly as they would be on the live system.
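As an added example (not material from the MCSI video), the following PowerShell triages logon and boot/shutdown events from a lab VM, then runs the same query against an .evtx file copied from a suspect machine. Run it elevated: reading the Security log needs administrator rights, 4624/4625 only exist if logon auditing is enabled, and the evidence path D:\evidence\Security.evtx is an assumed location.

```powershell
# Added example, not the video's code. Run in an elevated PowerShell session.

# Turn one EventLogRecord into a flat object: every <Data Name="..."> element
# under <EventData> becomes a property, so fields can be selected by name
# instead of by fragile positional index into $event.Properties.
function ConvertTo-EventObject {
    param(
        [Parameter(ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventLogRecord] $Event
    )
    process {
        $xml = [xml]$Event.ToXml()
        $obj = [ordered]@{
            TimeCreated = $Event.TimeCreated
            Id          = $Event.Id
            Log         = $Event.LogName
            Computer    = $Event.MachineName
        }
        foreach ($d in $xml.Event.EventData.Data) {
            if ($d.Name) { $obj[$d.Name] = $d.'#text' }
        }
        [pscustomobject]$obj
    }
}

$since = (Get-Date).AddDays(-1)

# Failed logons (4625): which account was targeted, from where, and how.
# Status/SubStatus distinguish "bad password" (0xC000006A) from "no such user" (0xC0000064).
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ConvertTo-EventObject |
    Select-Object TimeCreated, TargetUserName, TargetDomainName, IpAddress, LogonType, Status, SubStatus
$failed | Format-Table -AutoSize

# Password-spray view: count failures per source address and account.
$failed | Group-Object IpAddress, TargetUserName |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Successful remote logons (4624): LogonType 3 = network share/SMB, 10 = RDP (RemoteInteractive).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    ConvertTo-EventObject |
    Where-Object { $_.LogonType -in '3', '10' } |
    Select-Object TimeCreated, TargetUserName, IpAddress, LogonType, LogonProcessName |
    Format-Table -AutoSize

# Boot/shutdown markers in the System log, written by the Event Log service itself:
# 6005 = service started (boot), 6006 = clean stop (shutdown), 6008 = previous shutdown was unexpected.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'EventLog'; Id = 6005, 6006, 6008 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# The same query runs against an .evtx copied out of C:\Windows\System32\winevt\Logs
# on the suspect machine: replace LogName with Path. (Assumed evidence location.)
$evidence = 'D:\evidence\Security.evtx'
if (Test-Path $evidence) {
    Get-WinEvent -FilterHashtable @{ Path = $evidence; Id = 4625 } -ErrorAction SilentlyContinue |
        ConvertTo-EventObject |
        Select-Object TimeCreated, TargetUserName, IpAddress, LogonType |
        Format-Table -AutoSize
}
```

Selecting fields through the event XML rather than `$event.Properties[n]` matters because the positional layout differs between event IDs and between Windows versions; the names in `<EventData>` are stable. `-ErrorAction SilentlyContinue` is there because Get-WinEvent throws, rather than returning nothing, when a filter matches no events.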
🛠 System Monitor (sysmon)
Sysmon (System Monitor) is a Sysinternals tool from Microsoft that installs as a Windows service plus a kernel driver and records system activity to its own event channel, Microsoft-Windows-Sysmon/Operational, under Applications and Services Logs. It is used both to detect suspicious activity and to troubleshoot. What it logs is driven by an XML configuration: process creation (Event ID 1, with full command line, parent process, user and file hashes), network connections (Event ID 3), file creation (11), registry changes (12 and 13), and more. With no configuration it records only a small default set, and notably no network connections, so a lab deployment should ship with a configuration; community baselines such as the SwiftOnSecurity sysmon-config and Olaf Hartong's sysmon-modular are common starting points. Because Sysmon events carry context that the built-in Security log lacks (command lines, hashes, parent/child relationships), they are often the most valuable timeline source on a lab or production host.
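As an added example (not the video's own material), this PowerShell writes a small Sysmon configuration that records every process creation but only the network connections of commonly abused binaries, installs it, generates some test activity, and reads the results back from the Sysmon channel. It assumes Sysmon64.exe has been downloaded from Sysinternals to C:\Tools and that the binary accepts schemaversion 4.90 (Sysmon 15); run `Sysmon64.exe -? config` to see the schema version your copy expects.

```powershell
# Added example, not the video's code. Run elevated on a lab VM.
# Assumption: Sysmon64.exe lives in C:\Tools; adjust the path if not.

$config = @'
<Sysmon schemaversion="4.90">
  <!-- Record SHA-256 of every image so hashes can be compared against known-good/bad sets -->
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event ID 1: an empty exclude list means "log every process creation" -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude" />
    </RuleGroup>
    <!-- Event ID 3: log network connections only for scripting hosts and LOLBins -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">cmd.exe</Image>
        <Image condition="image">rundll32.exe</Image>
        <Image condition="image">mshta.exe</Image>
      </NetworkConnect>
    </RuleGroup>
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path 'C:\Tools\sysmon-lab.xml' -Value $config -Encoding ASCII

# First install. To change the configuration of an existing install use:
#   & C:\Tools\Sysmon64.exe -c C:\Tools\sysmon-lab.xml
& 'C:\Tools\Sysmon64.exe' -accepteula -i 'C:\Tools\sysmon-lab.xml'

# Generate test activity: a child PowerShell that makes one outbound connection,
# so both an Event ID 1 and an Event ID 3 appear for powershell.exe.
powershell.exe -NoProfile -Command "Invoke-WebRequest -UseBasicParsing https://www.microsoft.com | Out-Null"
Start-Sleep -Seconds 2

$log = 'Microsoft-Windows-Sysmon/Operational'

# Pull Sysmon events and expose their <EventData> fields by name.
function Get-SysmonEvent {
    param(
        [int[]] $Id,
        [datetime] $Since = (Get-Date).AddHours(-1)
    )
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = $Id; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $o = [ordered]@{ TimeCreated = $_.TimeCreated; Id = $_.Id }
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $o[$d.Name] = $d.'#text' }
            [pscustomobject]$o
        }
}

# Process creations: Image, full CommandLine, parent and hash make up a process timeline.
Get-SysmonEvent -Id 1 |
    Select-Object TimeCreated, Image, CommandLine, ParentImage, User, Hashes |
    Format-Table -Wrap

# Network connections for the whitelisted images only.
Get-SysmonEvent -Id 3 |
    Select-Object TimeCreated, Image, User, SourceIp, DestinationIp, DestinationPort, DestinationHostname |
    Format-Table -AutoSize

# Quick hunt: which process creations were spawned by a scripting host?
Get-SysmonEvent -Id 1 |
    Where-Object { $_.ParentImage -match '\\(powershell|cmd|wscript|cscript|mshta)\.exe$' } |
    Select-Object TimeCreated, ParentImage, Image, CommandLine |
    Format-Table -Wrap
```

The `include` rule group for NetworkConnect keeps the log small enough to read in a lab, while the empty `exclude` for ProcessCreate deliberately records everything: process creation is the single most useful Sysmon event for a timeline, and filtering it is where real deployments most often lose evidence.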
🛠 Hashing
A hash value is a fixed-length digest computed from a file or block of data by a hashing algorithm such as SHA-256. A good cryptographic hash is collision-resistant: it is computationally infeasible to find two different inputs with the same digest, so in practice the hash identifies the content. In digital forensics this has two uses. First, identification: two files with the same hash have identical content, which lets an examiner deduplicate files across an image and match files against known-good or known-bad hash sets (such as NIST's NSRL). Second, integrity: hashing evidence at acquisition and re-hashing it later proves the copy has not been altered, and the recorded hashes become part of the chain of custody. Use SHA-256 (or stronger) for integrity claims; MD5 and SHA-1 have practical collision attacks, so while they remain useful for looking up files in older hash sets, they should not be relied on to show that evidence is unmodified.
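As an added example (not from the video), this PowerShell builds a SHA-256 manifest of an evidence folder at acquisition time, re-verifies it later, shows the avalanche effect of a one-byte change, and uses identical hashes to find duplicate files. The path D:\evidence\case-001 is an assumed evidence location.

```powershell
# Added example, not the video's code. Paths under D:\evidence are assumed.

$evidenceRoot = 'D:\evidence\case-001'
$manifest     = Join-Path $evidenceRoot 'manifest.sha256.csv'

# 1. Acquisition: hash every file with SHA-256 and record the result.
#    MD5/SHA-1 have practical collisions, so they are fine for lookups but not for integrity.
function New-HashManifest {
    param([string] $Root, [string] $OutFile)
    Get-ChildItem -Path $Root -Recurse -File |
        Where-Object { $_.FullName -ne $OutFile } |
        ForEach-Object {
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256
            [pscustomobject]@{
                RelativePath = $_.FullName.Substring($Root.Length).TrimStart('\')
                Length       = $_.Length
                SHA256       = $h.Hash
                HashedAt     = (Get-Date).ToString('o')
            }
        } | Export-Csv -Path $OutFile -NoTypeInformation
}

# 2. Verification: re-hash everything in the manifest and report OK / MODIFIED / MISSING.
function Test-HashManifest {
    param([string] $Root, [string] $ManifestFile)
    Import-Csv -Path $ManifestFile | ForEach-Object {
        $path = Join-Path $Root $_.RelativePath
        if (-not (Test-Path -LiteralPath $path)) {
            $state = 'MISSING'
        } else {
            $now   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $state = if ($now -eq $_.SHA256) { 'OK' } else { 'MODIFIED' }
        }
        [pscustomobject]@{ File = $_.RelativePath; Expected = $_.SHA256; State = $state }
    }
}

New-HashManifest -Root $evidenceRoot -OutFile $manifest
Test-HashManifest -Root $evidenceRoot -ManifestFile $manifest | Format-Table -AutoSize

# 3. Avalanche effect: hashing two strings that differ in one byte gives unrelated digests,
#    which is why a hash mismatch cannot be "almost right".
function Get-StringSha256 {
    param([string] $Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        ($sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text)) |
            ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $sha.Dispose()
    }
}
Get-StringSha256 -Text 'evidence'
Get-StringSha256 -Text 'evidencf'

# 4. Identical hash means identical content: group by digest to find duplicate files.
Get-ChildItem -Path $evidenceRoot -Recurse -File |
    Get-FileHash -Algorithm SHA256 |
    Group-Object Hash |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { '{0} copies: {1}' -f $_.Count, ($_.Group.Path -join ', ') }
```

Keep the manifest (and a hash of the manifest itself) outside the evidence tree or on write-once media in a real case; here it is written alongside the files only so the example is self-contained, and the manifest is excluded from its own listing for that reason.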