Internet Explorer XP / web page components / search terms / Internet Explorer Win7 / Memory analysis tools / Internet Explorer/Recovery Location / Internet Explorer XP %userprofile%\Cookies Win7 / Internet Explorer/Recovery Win7 / web browsers / web application / Internet Explorer XP %APPDATA%\Macromedia\Flash Player\ XP %APPDATA%\Macromedia\Flash XP %APPDATA%\Macromedia\Flash / file systems / online lookup / Internet Explorer Location / free search engine / Internet applications / Internet Explorer XP %userprofile%\Local Settings\History\ / Internet browsing / search engines / Internet Explorer XP %userprofile%\Application Data\Mozilla\Firefox\ Profiles\ .default\places.sqlite Win7 %userprofile%\AppData\Roaming\Mozilla\Firefox\ Profiles\ .default\places.sqlite Cookies give insight / recent media files / network devices / http /
OperatingSystem
Windows 7 / XP / Windows XP / Microsoft Windows / Windows NT / Microsoft Vista / /
Person
DAT HIVE / DAT HIVE NTUSER / Rob Lee / /
Position
investigator / driver / Manager / Play driver / Plug and Play driver / openioc.org IOC Editor / manager application / bulk_extractor / search assistant / signed driver / Malware Analyst / analyst / Assistant / /
ProgrammingLanguage
R / C / K / V / L / /
PublishedMedium
the NTFS $Filename times / /
Technology
VPN / MAC Address / search engine / Plug and Play / Mobile Device / operating system / operating systems / ASCII / Digital signature / Flash / GUI / /
Windows Artifact Analysis: Evidence of... ©2012 SANS – Created by Rob Lee and the SANS DFIR Faculty Open/Save MRU E-mail Attachments