Daily Archives: May 21, 2014

Computer Name, Timezone & Current Control Set

Posted on May 21, 2014 by HatsOffSecurity

Computer Name Having the computer name will show that the image you have in front of you is from the machine you were expecting. Obviously it’s not a 100% guarantee, but if it’s deifferent, then something is 100% wrong and … Continue reading →

Operating System Version and Banners

Posted on May 21, 2014 by HatsOffSecurity

Without know which Operating System your image was running you cannot possibly hope to carry out a comprehensive investigation. So my next couple of posts will be very short ‘quick wins’ of where to get some critical data. Starting with … Continue reading →

Posted in Windows Forensics, Windows Registry Forensics | Tagged hats off security, Windows Registry Forensics | Leave a comment

Using the SAM hive to profile user accounts

Posted on May 21, 2014 by HatsOffSecurity

When carrying out investigations there may be a whole raft of information that you have been given, from memory captures, logical or physical disk captures, or, you my have virtually nothing. As such I like to look at a variety … Continue reading →

Posted in Windows Forensics, Windows Registry Forensics | Tagged Cmd vs gui, Cmd.exe, Command Line User Account, hats off security, Windows Registry Forensics, Windows8 | 2 Comments

M	T	W	T	F	S	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

	Bianca the Baker on NoScript Plugin Forensic Inves…
	Week 40 – 2022… on PowerShell Basic Introduction…
	ALEX on AnyDesk Forensic Analysis and…
	Week 13 – 2022… on Improving Technical Interviews
	HatsOffSecurity on AnyDesk Forensic Analysis and…

Daily Archives: May 21, 2014

Computer Name, Timezone & Current Control Set

Operating System Version and Banners

Using the SAM hive to profile user accounts

Recent Posts

Categories

CyberLinks

Recent Posts

Recent Comments

Archives

Categories

Meta