9340
Re: Win 8 setupapi.dev.log Thanks very much, Rob! Now I remember that Yogesh posted on this as well. I had looked through the System Log, but it contained only data for one day, which
Weg, Jimmy
2:51 PM
#9340
 
9339
Re: Win 8 setupapi.dev.log On Windows 8 - I'd take a look at the CurrentControlSet\Enum\DeviceType\DeviceID\InstanceID\{GUID}\Properties\006# 006# = 0064 = First install (Win7 or
    Rob Lee
    11:52 AM
    #9339
    This message has attachments
    9338
    Re: Win 8 setupapi.dev.log Thanks, Greg. I'd like to know what the next-best artifact of first-time use would be. Event log (which)? Jimmy Weg, CFCE Agent in Charge, Computer Crime
    Weg, Jimmy
    9:44 AM
    #9338
     
    9337
    Re: Win 8 setupapi.dev.log I recently worked on a Windows 8.1 surface tablet and found the same thing to be true, Jimmy. I did not have time to look into it further in my case. -Greg
    Greg Kelley
    Apr 19
    #9337
     
    9336
    Win 8 setupapi.dev.log I've seen a couple systems now that don't contain the referenced file. I haven't investigated this much further yet, but wondered whether someone knew whether
    Weg, Jimmy
    Apr 18
    #9336
     
    9335
    Re: How LastLogonTimeStamp is Updated with Kerberos S4u2Self - Something that might help folks understand what all this is about...
    keydet89
    Apr 15
    #9335
     
    9334
    DFRWS-EU - Call for Participation DFRWS, organizers of the longest-running research conference in digital forensics, invite you to participate in the first annual DFRWS EU conference, held from
    Baker, Dave
    Apr 15
    #9334
     
    9333
    How LastLogonTimeStamp is Updated with Kerberos S4u2Self - How LastLogonTimeStamp is Updated with Kerberos S4u2Self - Ask Premier Field Engineering (PFE) Platforms - Site Home - TechNet Blogs:
    Susan Bradley
    Apr 13
    #9333
     
    9332
    Call for Papers - 6th International Conference on Digital Forensics I was asked to post information about the CFP for ICDFC2/SADFE conference. ... http://d-forensics.org/2014/show/cf-papers Keeping up with our international and
    Baker, Dave
    Apr 11
    #9332
     
    9331
    Re: LastAccess Date Behavior on FAT32 Volumes No. I promise to write less in the future, as long as the questions really are easy. The more I learn about Windows, the more I feel that few things are easy.
    Troy
    Apr 6
    #9331
     
    9330
    Re: LastAccess Date Behavior on FAT32 Volumes Wow, some really long replies here.. I would simply look at the function that turns off the last access time update (and all other filesystem settings). It is
    Yogesh Khatri
    Apr 4
    #9330
     
    9329
    Re: Updated shellbags.pl ? John I am glad some folks are still using it (the enscript), but it's old and I haven't updated it in ages. It needs a complete rehash as a lot of new research
    Yogesh Khatri
    Apr 4
    #9329
     
    9328
    Re: Non-USB External Disks & the EMDMgmt Registry Keys John, Currently there is no known way to get the physical serial number of the drive (usb or other) as this is not recorded in the registry or event logs.
    Yogesh Khatri
    Apr 4
    #9328
     
    9327
    Re: USN Journal What version of FTK Imager are you using? I'm running v 3.1.4.6 on Win7, and looking at both an .e01 and raw images of the same hard drive, and I see the
    bbelton1996
    Apr 4
    #9327
     
    9326
    Re: USN Journal Sorry, my apologies, the $UsnJrnl is directly under the $Extend (Left my glasses home ). But I do see it using Imager
    bbelton1996
    Apr 4
    #9326
     
    9325
    Re: Non-USB External Disks & the EMDMgmt Registry Keys Possibly Evtx logs too if you have em Sent from my iPhone
    David Nides
    Apr 4
    #9325
     
    9324
    Re: Non-USB External Disks & the EMDMgmt Registry Keys setupapi.log? LNK files? Portable devices registry key? I'm just throwing ideas off the top of my head while I'm on the train. Thanks, Tom PGP Key ID -
    Tom Yarrish
    Apr 4
    #9324
     
    9323
    Re: Updated shellbags.pl ? One other useful shellbags alternative (for EnCase users, at least) is an EnScript written by Yogesh Khatri, and available (along with many others) from
    johnmccash1
    Apr 4
    #9323
     
    9322
    Non-USB External Disks & the EMDMgmt Registry Keys Hey Folks, Does anybody know if there's a way, based on registry or Win7 event (or other log) data, to get the physical serial number, drive type, or drive
    johnmccash1
    Apr 4
    #9322
     
    9321
    SANS Digital Forensics invited you to Detecting Evil on Windows Syst STARTING in 15 MINUTES!! at 11 AM EDT Sign on now!!  https://www.sans.org/webcasts/detecting-evil-windows-systems-in-depth-dfir-poster-98030 -R
    Rob Lee
    Apr 3
    #9321
     
    9320
    Memory forensics training by the Volatility Team is going to Austral We are happy to announce that we will be bringing our memory forensics and malware analysis training to Australia in August:
    Andrew Case
    Apr 2
    #9320
     
    9319
    Early Registration for DFRWS-Europe Ends Monday, March 31 2014 DFRWS, organizers of the longest-running research conference in digital forensics, invite you to participate in the first annual DFRWS EU conference, held from
    Baker, Dave
    Mar 28
    #9319
     
    9318
    Re: Finding Evil on Windows Systems - SANS DFIR Poster Release Great poster On Wednesday, March 26, 2014 7:13:03 PM, Rob Lee wrote:   From our new blog: http://dfir.to/Find-Evil-Poster-Blog Get the
    Ben Whittaker
    Mar 26
    #9318
     
    9317
    Finding Evil on Windows Systems - SANS DFIR Poster Release From our new blog: http://dfir.to/Find-Evil-Poster-Blog Get the new poster here: http://dfir.to/Get-Find-Evil-Poster Online Poster/Electronic
    Rob Lee
    Mar 26
    #9317
     
    9316
    Re: Updated shellbags.pl ? Did you try following the advice you were given about contacting the plugin author?
    keydet89
    Mar 25
    #9316
     
    9315
    Re: Updated shellbags.pl ? I did not. I am currently using the shellbags parser from TZ Works. I like the output from the TZ version. From: Reply-To:
    Mr. Orinoco
    Mar 24
    #9315
     
    9314
    (Free) Intensive Cybersecurity Training for High School Teachers Hello, I was writing on behalf of my friend Dr. Golden Richard (CC'ed) who has received funding to host a two week long Cybersecurity training in New Orleans
    Andrew Case
    Mar 24
    #9314
     
    9313
    Re: SIFT 3.0 VM Released We have an option to download stand-alone (.iso) ? Thanks a lot Anderson
    Anderson Clayton
    Mar 24
    #9313
     
    9312
    Re: Updated shellbags.pl ? Jamison, Did you get what you were looking for?
    keydet89
    Mar 24
    #9312
     
    9311
    Re: SIFT 3.0 VM Released Congratulations Rob and Thanks for the great work! (and all other participants) Good to see sift-bootstrap! even if you can expect distribution/system troll
    Julien Touche
    Mar 23
    #9311
     