Firstly I wanted to apologise for the long delay since I posted Part 2 of the Forensic Timeline for beginner series. As you all understand, life is busy at the best of times, and unfortunately while you're learning at the same time that you're posting tutorials it can be quite challenging to keep up with regular posts. To any new readers that may be visiting on a regular basis, welcome to the blog and I hope you can get something out of my posts.

Secondly I'd like to thank Harlan Carvey for highlighting Part 1 and 2 of the series; my blog received a large number of hits because of this, so thank you Harlan!

Tracking back now to Part 2 of our series, we finished up by creating our first timeline in CSV format, and in this tutorial we were about to focus on analysing the timeline. We had identified a number of suspicious files already using RegRipper to assist our investigation, and these were going to be used as a starting point for our timeline analysis.

Now I have to say that it's one thing to be able to understand how to create a timeline and dump as much information into that timeline as possible. However, all of that information is worthless if you're unable to make sense of the information within the timeline. At this point I think that's why we're all here: to learn how to create timelines and hopefully, with practice and experience, learn how to better understand the results and identify the actions that have occurred.

So on that note let's get started with Part 3.

The two files we discovered were the following:

```
UEME_RUNPIDL:%csidl2%\Accessories\Windows Movie Maker.lnk (9)
UEME_RUNPIDL:%csidl2%\Accessories\Tour Windows XP.lnk (10)
UEME_RUNPIDL:%csidl2%\Windows Messenger.lnk (11)
UEME_RUNPIDL:%csidl2%\Windows Media Player.lnk (12)
UEME_RUNPIDL:%csidl2%\MSN Explorer.lnk (13)
UEME_RUNPIDL:C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk (14)
UEME_RUNPATH:C:\System Volume Information\_restore\Count
```