Tag Archives: artefact locations

Research: Decoding LanmanServer\Shares

For my first fully independent research topic I chose to look at the registry key created when an object is shared. This all started with a job we were investigating recently where the indicators we were given did not turn … Continue reading

Posted in Cyber, Research, Shared Folders, Windows Forensics, Windows Registry Forensics | Tagged , , , , , , , , | 6 Comments

Link Files

Link (lnk) files are a valuable source of information in a forensic investigation and should not be casually overlooked. What are Link files? Link files are created by the system when a file is opened, even if that file is … Continue reading

Posted in Link FIles, Windows Forensics | Tagged , , , , , | Leave a comment

Jump Lists

What is a Jump List? A Jump List looks something like: From left to right we have; Windows Media Player Start Menu, Wordpad Internet Explorer Jump Lists were introduced in Windows 7 to allow frequently used files/tasks/webpages to be selected … Continue reading

Posted in Jump Lists, Windows Forensics | Tagged , , , , , , , , | Leave a comment

Chrome – Basics

Google Chrome, or just Chrome, is (at the time of writing) the most popular web browser by a fair amount. Twice as popular as Mozilla’s Firefox. Chrome stores its artefacts in SQLite, JSON (JavaScript Object Notation) and SNSS (Session Saver) … Continue reading

Posted in Browser Forensics, Chrome, Google Chrome, Windows Forensics | Tagged , , , , , , , , , | Leave a comment

Internet Explorer – Basics

As IE comes bundled with Windows as standard it is often the browser (of choice?) used by a lot of organisations. Larger organisations are also often slower to update IE, in my experience, as they have integrated business critical applications … Continue reading

Posted in Browser Forensics, Internet Explorer, Windows Forensics | Tagged , , , , , , , | Leave a comment