Plumbing the Depths: ShellBags - SANS DFIR SUMMIT - - vimore.org

Plumbing the Depths: ShellBags - SANS DFIR SUMMIT
YouTube

Eric R. Zimmerman, @EricRZimmerman, Special Agent, FBI

This presentation will explore the most common ShellBag types (directories, GUIDs, control panel items, etc.) and the kinds of data contained therein, including timestamps, usernames, changing program associations, file system info, user searches, accessing network resources (UNC paths and FTP), and so on. The discussion will also cover extension blocks and the kinds of data they contain. The discussion will start at the hex level, work toward higher levels of abstraction, and culminate with examples of using ShellBags Explorer (SBE) to streamline the review of ShellBags data. This will include showing how SBE can be used to accelerate the investigation of unlimited amounts of ShellBag data, including working with individual registry hives as well as deduplicating multiple hives for a user. The presentation will also demonstrate how Dan Pullega’s research has been incorporated and expanded upon, including first and last explored dates. The information contained in ShellBags and exposed via SBE is relevant to FEs, IR teams, and law enforcement, as it quickly and easily provides context around a user’s actions and their interaction with a computer and its associated resources.

Eric Zimmerman, Special Agent, FBI
Eric Zimmerman is an FBI special agent assigned to the Salt Lake City FBI field office since 2007. He is a member of the Utah ICAC and has provided training and assistance to dozens of local, state, federal and international law enforcement agencies.

Download Slides Here: http://digital-forensics.sans.org/community/summits#

Computer Forensic Examinations 10 - Shellbags

In this video we're going to look at registry entries called shellbags, which monitors the way you view folders within Windows Explorer. Be sure to check out t

YouTube

Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

The Security Operations Center (SOC) is intended to be the nexus of protection for the organization. There are many things it must do. This talk will depict a m

YouTube

Windows Forensics: Event Trace Logs - SANS DFIR Summit 2018

Looking for a “new” Windows artifact that is currently being underutilized and contains a wealth of information? Event Tracing for Windows (ETW) and Event Trace

YouTube

CTI Summit Keynote - Cliff Stoll - (Still) Stalking the Wily Hacker

Register for the 2018 Cyber Threat Intelligence Summit: http://www.sans.org/u/wOQ (Still) Stalking the Wily Hacker: Three Decades of Computer Security in Per

YouTube

Zero-Trust Networks: The Future Is Here - SANS Blue Team Summit 2019

The Blue Team Summit features presentations and panel discussions covering actionable techniques, new tools, and innovative methods that help cyber defenders im

YouTube

Performing Smartphone Forensics without Commercial Tools - SANS DFIR SUMMIT

Heather Mahalik, @heathermahalik, Forensics Lead and PM, Oceans Edge, Inc. & SANS Certified Instructor, Author, Course Lead. This session features an array of to

YouTube

Digital Forensics | Davin Teo | TEDxHongKongSalon

Listen to Davin’s story, how he found his unique in Digital Forensics. Not your white lab coat job in a clean white windowless laboratory. But pulling out the b

YouTube

Forensic Lunch 11/28/14

The after-Thanksgiving hangover edition. This week we had Eric Zimmerman, @ericrzimmerman, talking about Shellbags, his tool Shellbag Explorer and our research i

YouTube

Shellbag Forensics

As a continuation of the "Introduction to Windows Forensics" series, this video introduces Shellbags. Have you ever customized the folder view settings within a

YouTube

Distributed Evidence Collection and Analysis with Velociraptor - SANS DFIR Summit 2019

Distributed Evidence Collection and Analysis with Velociraptor: Fast, Surgical, at Scale...and Free! Having the ability to rapidly collect and examine artifa

YouTube

Open-Source DFIR Made Easy: The Setup - SANS Digital Forensics & Incident Response Summit 2017

A common challenge in the digital forensics and incident response (DFIR) community has been creating a DFIR toolkit that is cheap, simple to setup, scalable, an

YouTube

A View from the Front Lines of Cybersecurity

Sandra Joyce, Vice President and Head of Global Intelligence Operations, FireEye; Kevin Mandia, Chief Executive Officer, FireEye. As one of the foremost experts

YouTube

A Guide to Eric Zimmerman's command line tools (EZ Tools)

SANS instructor and Former FBI Agent Eric Zimmerman creates and maintains several open source command line tools (EZ Tools) free to the DFIR Community. These op

YouTube

Evolving the Hunt: A Case Study in Improving a Mature Hunt Program - SANS Threat Hunting Summit 2019

As a major U.S. retailer with a strong cybersecurity focus, Target has long had a functional, mature threat hunting program. When David Bianco took over respons

YouTube

Top 10 free tools for digital forensic investigation

Read the full report here: http://www.gfi.com/blog/top-10-free-tools-for-digital-forensic-investigation-video/ We've compiled the top 10 free tools to help you

YouTube

Introduction to Windows Forensics

An introduction to basic Windows forensics, covering topics including UserAssist, Shellbags, USB devices, network adapter information and Network Location Aware

YouTube

Tracking Traces of Deleted Applications - SANS DFIR Summit 2019

On today’s modern smartphones, evidence of absence doesn’t always mean a complete absence of evidence. Even though users may delete third-party applications fro

YouTube

Interested in Smartphone Forensics?

Have you considered enrolling in FOR585, or are you concerned that there is a prerequisite to taking Smartphone Analysis In-Depth? The webcast will address some

YouTube

Security Operations 2018: What Is Working? What Is Not.

Kerry Matre, Security Operations Strategist, Palo Alto Networks. Security operations have had to evolve over the last four decades to keep up with the advancing

YouTube

The Cycle of Cyber Threat Intelligence

Overview: Too often, our community thinks of cyber threat intelligence (CTI) as just a finished product (or even just an indicator feed). But behind the scenes o

YouTube