Images

In writing Investigating Windows Systems, published in 2018, I made use of publicly available images found on the Internet. Some were images posted as examples of techniques, others were posted by professors running courses, and some were from CTFs. If you have read the book, you’ll know that for each of the images, I either used or made a more “real world” scenario, something that aligned much more closely to my experiences over two and a half decades of DF/IR work, a good bit of which was consulting. During that time, and at several different companies, we’d have an “IR hotline” folks could call, and request computer incident response…this is something many firms continue to do. Those firms also very often had “intake forms”, documents an analyst would fill out with pertinent information from a caller or customer, which very often included investigative goals. 

Over the years, the sites from which I downloaded some of the images I used have disappeared, which is unfortunate, but not a deal killer. The intent and value of the book aren’t about the images, but rather, about the process. The processes used, even those where an image of a Windows XP system was used, can be replicated, developed, and extended for any Windows OS.