8/12/2023

Recentapps registry forensics

This is not to say that any analysis was incorrect in the publicly available write-ups I reviewed; the answers to this question were reasonable guesses based on some modicum of the available data. However, beyond that, there was little in the way of verification that the program had actually been used to perform the specified task.

The other two responses referenced the UserAssist data, and similarly, it seems that something was found that could be an anti-forensic tool, was found on Google and seen to be an anti-forensics tool, and that was the answer. A reference to a program was found, one that was determined to be used for counter-forensic purposes, and that program was the response to the CTF question. The HackStreetBoys response referenced the output of the plugin, which listed the contents of the mpowers user desktop. I found the answers to the question were interesting.

One of the CTF questions that caught my attention was, "What tool was used to delete forensic artifacts?" I've long been interested in two aspects of DFIR work that are directly associated with that question: anti- (or counter-) forensics, and what something looks like in the data (i.e., how is the behavior represented in the data?).

After engaging with the first image from the DefCon 2018 CTF, I thought it would be fun, and instructive, to take a look at the second image in the CTF, the File Server. As before, not having signed up for the CTF itself, I found the questions associated with the image at the following sites: