Forensicating Windows Artifacts: Investigating incidents w/out event logs!
When dealing with security incidents, attackers tend to wipe their digital footprints to avoid detection. Typically they want to wipe the event logs, so that incident responders and forensic analysts cannot easily reconstruct what they did on the compromised machine. As a security professional working on an investigation like this, what do you do once the event logs are gone? This is where Windows artifacts come in: they let us investigate and conduct forensics to learn what happened before and after the Windows machine was compromised. In this talk, I'm going to show you the importance of Windows artifacts such as prefetch files, registry keys, link (LNK) files, browser artifacts, shellbags, etc. I will also show you the tools I've been using to get the most out of these artifacts during a forensic investigation. This lesson is especially important for people working in a SOC environment, incident responders, and digital forensics investigators.
Speaker Bio: Renzon is a young security professional who works at Malomatia in Doha, Qatar as a Senior Security Analyst performing threat hunting, incident response and digital forensics. Prior to Malomatia, he was a security consultant with the largest LNG (Oil & Gas) company in the world. He previously worked as a part-time instructor in the Philippines (New Era University), where he created the Information Security & Assurance syllabus for College of Computer Science students. He is also part of VARIA Cybersecurity, an organization in the Philippines that conducts boot camp training mainly in VAPT, where he acts as Blue Team Operations Manager.