onlyf8@home:~$

  • DFIR 101 - Part 2

    Content: RecycleBin, TypedPaths, ShellBags. What is RecycleBin? How to Analyze? RecycleBin, which is available on Windows systems, is a directory/mechanism created to store the files that the user deletes. Just as a trash can mirrors a house, the recycle bin mirrors a computer. The Recycle...

  • DFIR 101 - Part 1

    Introduction: One of the places where analysts can obtain both guiding and very clear findings during incident response is the “Program Execution Artifacts” provided by the Windows operating system. These and similar structures, created by Windows for different purposes, help analysts in the analysis stages. For example, although...