Specialized DFIR: Windows File System and Browser Forensics

Focused View

Tyler Hudak

55:19

16 View

1. Course Overview

1. Course Overview.mp4

01:39

2. Windows NTFS Analysis

1. Introduction.mp4

00:46

2. NTFS File System.mp4

02:43

3. NTFS Timestamps.mp4

03:11

4. File System Analysis Tips.mp4

01:38

5. Summary.mp4

01:03

3. NTFS Timeline Generation and Analysis

1. Introduction.mp4

00:24

2. NTFS Analysis Tools.mp4

01:36

3. Investigation Scenario.mp4

01:16

4. Demo - MFT Analysis.mp4

07:09

5. Conclusion.mp4

01:39

4. Browser Artifacts

1. Introduction.mp4

00:33

2. Browser Analysis.mp4

02:42

3. Internet Explorer.mp4

02:12

4. Mozilla Firefox.mp4

01:15

5. Windows File Sys Brows Forensic Special Dfir M4 5.mp4

01:13

6. Analysis Tips.mp4

01:35

7. Conclusion.mp4

01:08

5. Browser Analysis

1. Introduction.mp4

00:45

2. Browser History Analysis.mp4

04:31

3. Google Chrome Analysis.mp4

05:28

4. Conclusion.mp4

01:24

6. Conclusion

1. Introduction.mp4

00:25

2. File System Analysis Summary.mp4

01:26

3. File System Analysis Timeline.mp4

01:53

4. Browser Analysis Summary.mp4

01:22

5. Browser Analysis Timeline.mp4

01:42

6. Combined Timeline.mp4

01:18

7. Conclusion.mp4

01:23

Description

Analyzing Windows file systems and browser artifacts can provide critical information in investigations.

What You'll Learn?

Windows forensic investigations can be daunting with the number of places that contain potential evidence. Focusing on specific areas of the Windows OS will help speed an investigation up and find the information you need. Two of those areas are the Windows NTFS file system, and browser activity.

In this course, Specialized DFIR: Windows File System and Browser Forensics, you’ll learn to analyze the Windows NTFS file system as well as Internet browser activity for evidence of compromise and suspicious activities. First, you’ll explore the NTFS master file table, convert it to a readable format, and find new and modified files related to a compromise. Next, you’ll discover where Internet browsers store their information and how you can use that to your advantage. Finally, you’ll learn how to combine all of this information to have a more comprehensive view of the malicious activities that took place on a compromised host. When you’re finished with this course, you’ll have the skills and knowledge needed to to perform file system and browser forensics on a Windows system.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Computer Forensics

Tyler Hudak

Instructor's Courses

Tyler Hudak has more than 15 years of extensive real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple Fortune 500 firms. He has spoken and taught at a number of security conferences on the topics of malware analysis, incident response, and penetration testing, and brings his frontl ine experience and proven techniques to bear in his training.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.