Windows Incident Response


The Windows Incident Response Blog is dedicated to the wide range of information surrounding and inherent to incident response and the digital analysis of Windows systems. This blog provides information in support of my books: "Windows Forensic Analysis" (1st through 4th editions), "Windows Registry Forensics", and the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
