NIST CFREDS Hacking Case Walkthrough

The NIST CFREDS Hacking Case can be found here: 

https://www.cfreds.nist.gov/Hacking_Case.html

Here is the PDF version of my walkthrough:

https://drive.google.com/file/d/1V5mBsIcalexG_1gRuM2AE-j7WG0ToOfe/view?usp=sharing

Video Playlist: https://www.youtube.com/playlist?list=PLkFMwi6oLTFxZg7pwjIxdA3w51bUuUJW2

Concepts covered include:

Using Autopsy Forensic Suite

Using Eric Zimmerman's Registry Explorer

Windows MACB Timestamps

Shellbags

MRU Lists

Carved Files

Configuration Files

Recycle Bin Forensics

Organization of the Registry

Hives and Root Keys

What root keys contain

Timestamp Types

Prefetch forensics

Installed programs

SIDs

Comments

  1. Please let me know in the comments whether you found the videos and pdf useful + any feedback you may have.

  2. Hey man! I loved the NIST Hacking Case that you did, gave me a good insight on the functions of Autopsy. But I'm working on the NIST CFREDS Data Leakage Case, and I was wondering if you are planning to cover that as well? Thank you!

  3. Thank you! It's very nice to get some feedback. I have probably half of the data leakage case done, but it's quite large and I got a new job as an incident responder as I was working on it so I basically stopped for a while while learning the job. I'm finishing up a quick NIST volatility scenario and then I plan to return to the data leakage case. It takes a long time to make this stuff but I'm hoping the fact that much of it was covered in the hacking case will make it easier.
