Windows Registry Forensics: There’s Always Something New

SANS Digital Forensics and Incident Response
Windows Registry analysis is fundamental to forensics, but are your tools on a strong foundation? We wanted a fast, cross-platform library for parsing registry hives with full support for transaction logs, but nothing was available. So, we wrote our own in Rust and open-sourced it! We'll show you how to use it with real DFIR use cases and how to integrate it with TimeSketch, Excel, and other tools. Finally, we'll use it to dive deep into Shellbags and uncommon extension blocks, dispel some dangerous myths about what they say about user behavior, and show how to build a defensible timeline from the last written timestamps of Shellbag keys.

SANS DFIR Summit 2023

Speakers:
Shane McCulley, Senior Software Developer, Aon
Kimberly Stone, Director, Aon
