DFSP # 329 - Shellbags
Digital Forensic Survival Podcast - Podcast autorstwa Digital Forensic Survival Podcast - Wtorki
Kategorie:
This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much every file use and knowledge investigation. Any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.