Hats Off Security
-
Recent Posts
- How to Create a Good Security CTF
- NoScript Plugin Forensic Investigation – Firefox/ToR Browser
- Keybase.io Forensics Investigation
- When is Index.dat not Evidence of Browsing
- HTTP Methods
- Wireshark – More Basics
- Decrypting Traffic in Wireshark
- Identifying Sites in Encrypted Traffic
- SMB2 Protocol Negotiation
- SMB2 – File/Directory Metadata
Categories
- Attack
- Browser Forensics
- Brute force
- Chrome
- Competition
- Competitions
- Containment
- Content Delivery Manager
- Cookies
- Cryptography
- CTF
- Cyber
- Cyber Security Challenge
- Decoding Time
- Encrypted Traffic
- Firefox
- Forensic Readiness Plan
- General
- Google Analytics
- Google Chrome
- Google Rapid Response
- Group Policy
- GRR
- Hardening
- Heartbleed
- Identification
- Incident Response
- Internet Explorer
- Introduction
- Jump Lists
- Keybase
- Link FIles
- Linux Forensics
- Memory Forensics
- Microsoft Edge
- My Two Cents
- Network Analytics
- Network Forensics
- pass the hash
- PCAP Analysis
- Pen Testing
- Preparation
- Protocol
- ReadyBoost
- Research
- Safari
- SANS
- Shared Folders
- Shellshock
- SMB
- SSH
- TOR
- Uncategorized
- USB Forensics
- Windows Forensics
- Windows Registry Forensics
- Windows Registry Forensics
- Windows Spotlight
- Windows XP
- Wireshark
CyberLinks
- Follow Hats Off Security on WordPress.com
- My Tweets
Category Archives: Windows Registry Forensics
Windows XP Restore Points
I know XP is going the way of the Dodo, which is why I wanted to write this post. As blogs and posts update and keep up with the latest versions of Windows I find it harder and harder to … Continue reading
USB Forensics Update
Update #1 This is a late update to USB Forensics Part 4 – Volume Serial Number An important side note: As I have done more investigations I realised that this key will not be populated if the machine is deemed … Continue reading
Research: Decoding LanmanServer\Shares
For my first fully independent research topic I chose to look at the registry key created when an object is shared. This all started with a job we were investigating recently where the indicators we were given did not turn … Continue reading
USB Forensics Pt. 3 Discover the Volume Name
Part 3 of our investigation is to discover what the Volume Name of the USB device was. This can be helpful when looking into Link (.lnk) files (which I will cover in a later blog post). It can also occasionally … Continue reading