-
Recent Posts
- PowerShell Basic Introduction (Security Version)
- Improving Technical Interviews
- AnyDesk Forensic Analysis and Artefacts
- Log4J/Log4Shell Video Glossary
- HatsOffSecurity on YouTube
- How to Create a Good Security CTF
- NoScript Plugin Forensic Investigation – Firefox/ToR Browser
- Keybase.io Forensics Investigation
- When is Index.dat not Evidence of Browsing
- HTTP Methods
Categories
- anydesk
- Attack
- Browser Forensics
- Brute force
- Chrome
- Competition
- Competitions
- Containment
- Content Delivery Manager
- Cookies
- Cryptography
- CTF
- Cyber
- Cyber Security Challenge
- Decoding Time
- Encrypted Traffic
- Firefox
- Forensic Readiness Plan
- General
- Google Analytics
- Google Chrome
- Google Rapid Response
- Group Policy
- GRR
- Hardening
- Heartbleed
- Identification
- Incident Response
- Internet Explorer
- Interviews
- Introduction
- Jump Lists
- Keybase
- Link FIles
- Linux Forensics
- Memory Forensics
- Microsoft Edge
- My Two Cents
- Network Analytics
- Network Forensics
- pass the hash
- PCAP Analysis
- Pen Testing
- PowerShell
- Preparation
- Protocol
- ReadyBoost
- Research
- Safari
- SANS
- Shared Folders
- Shellshock
- SMB
- SSH
- TOR
- Uncategorized
- USB Forensics
- Windows Forensics
- Windows Registry Forensics
- Windows Registry Forensics
- Windows Spotlight
- Windows XP
- Wireshark
CyberLinks
- Follow Hats Off Security on WordPress.com
Category Archives: USB Forensics
Force Enabling ReadyBoost Windows 7/8
Whilst writing a presentation on USB Forensics, I was hit with a problem with ReadyBoost being disabled on my Virtual Machine. The message would read This device cannot be used for ReadyBoost. ReadyBoost is not enabled on this computer because … Continue reading
USB Roadmap v2
A quick update to the USB Roadmap, a few comments from the first version were regarding the arrows. They were a little overwhelming and annoying, so I thought I would re-arrange it a little. I will look at any changes … Continue reading
USB Forensic “Roadmap”
As I have been researching and investigating USB Forensics I put together a “Roadmap” for my own personal reference. I made it using Maltego Case File and refer to it every now and then when I am attempting to remember … Continue reading
Posted in Cyber, Research, USB Forensics, Windows Forensics
Tagged artefact locations, hats off security, USB, windows 7, Windows Registry Forensics, Windows8
Leave a comment
SANS Christmas Hacking Challenge
I thought I would write about my experiences with the Christmas Hacking Challenge by SANS, I am writing this before Christmas, but I wont publish it until after the closing date for obvious reasons 🙂 The challenge has an amazing … Continue reading
Posted in Competition, Cyber, Heartbleed, Pen Testing, Research, SANS, Shellshock, USB Forensics, Windows Forensics
Tagged ../../../../, directory traversal, hats off security, heartbleed, linux, research, sans competiton, shellshock
12 Comments
Mounted Devices Key
Here is a screen capture of a Mounted Devices key. As you can see it can appear quite daunting. In a previous blog post I covered how a USB Mass Storage devices would simply convert ASCII to Hex and use … Continue reading
USB Forensics Update
Update #1 This is a late update to USB Forensics Part 4 – Volume Serial Number An important side note: As I have done more investigations I realised that this key will not be populated if the machine is deemed … Continue reading
USB Forensics Final Part! (aka Pt. 7) Device first/last plugged in
The USB forensics thread can continue until the end of time, or at least the end of my free space on here, with this in mind I am only showing you the basics of USB forensics. I may cover more … Continue reading
USB Forensics Pt. 6 Which user account used the USB device
Having all this information is all well and good, but right now all we can say for sure is that a USB device was used on this machine. Just because someone logged on to that machine doesn’t make them the … Continue reading
USB Forensics Pt.5 Determine the Drive Letter
Finding the last Drive letter used by the USB device is actually quite simple…. or at least it should be! Go to the following Key: SYSTEM\MountedDevices Each drive letter is listed, however in my example on the VM the E: … Continue reading
USB Forensics Pt. 4 Volume Serial Number
On to Part 4 of our ongoing discoveries about USB forensics. A quick recap So far we have managed to get details of two devices which have been connected to our image. We have looked at how to get: Unique … Continue reading
Hats Off Security 