Welcome to the Forensic Utilities Artifacts Forum

This Forum was created as a place for the DFIR community to discuss and document the Artifacts created by Free and Open Source Forensics Utilities.
Most Incident Responders have their own Triage/Live Response/Live Acquisition scripts that automate the process of gathering Artifacts and Telemetry from Live Endpoints. These scripts typically run common Utilities from publishers like SysInternals, Nirsoft, and others. Yet the artifacts they leave behind are often not documented. This forum was created as a place to document and discuss those artifacts to better ensure non-repudiation.
Each Forensic Utility Discussion should contain the following:
- Name Of Utility
- Hash
- Command Line used (if any)
- Artifacts it WILL leave behind, and how that affects non-repudiation
  - File Additions, Changes, Deletions
  - Registry Additions, Changes, Deletions
  - Other Additions, Changes, Deletions
- Artifacts it MAY leave behind, and how that affects non-repudiation
  - File Additions, Changes, Deletions
  - Registry Additions, Changes, Deletions
  - Other Additions, Changes, Deletions
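One way to gather the material for such a post is to snapshot the file system and registry before and after running the utility and diff the two. The script below is an added example written for this forum's template, not code from any of the utilities discussed; the utility path, command line, folder roots and registry roots are placeholders to be replaced for the utility under test.

```powershell
# Added example (not from the forum post): take file and registry snapshots before and
# after running a utility, then diff them to fill in the template's Artifact sections.
# Every path and argument below is a placeholder; set them for the utility under test.
$UtilityPath = 'C:\Tools\example.exe'                       # placeholder utility
$UtilityArgs = @('-accepteula')                             # placeholder command line
$FileRoots   = @($env:LOCALAPPDATA, $env:TEMP, 'C:\Windows\Prefetch')
$RegRoots    = @('HKCU:\Software', 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion')

function Get-FileSnapshot([string[]]$Roots) {
    $map = @{}                                   # FullName -> "size|lastWriteUtcTicks"
    foreach ($r in $Roots) {
        Get-ChildItem -LiteralPath $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object { $map[$_.FullName] = "$($_.Length)|$($_.LastWriteTimeUtc.Ticks)" }
    }
    return $map
}

function Get-RegSnapshot([string[]]$Roots) {
    $map = @{}                                   # key name -> serialised values
    foreach ($r in $Roots) {
        Get-ChildItem -Path $r -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key  = $_
            $vals = $key.GetValueNames() | Sort-Object | ForEach-Object {
                "$_=$(@($key.GetValue($_)) -join ',')" }   # byte[] / multi-string joined
            $map[$key.Name] = $vals -join ';'
        }
    }
    return $map
}

function Compare-Snapshot($Before, $After, [string]$Label) {
    "== $Label Additions ==";  $After.Keys  | Where-Object { -not $Before.ContainsKey($_) }
    "== $Label Changes ==";    $After.Keys  | Where-Object { $Before.ContainsKey($_) -and $Before[$_] -ne $After[$_] }
    "== $Label Deletions =="; $Before.Keys | Where-Object { -not $After.ContainsKey($_) }
}

# The template's first three fields: name, hash, command line.
"Utility: $UtilityPath"
"SHA256:  $((Get-FileHash -Algorithm SHA256 -LiteralPath $UtilityPath).Hash)"
"Command: $UtilityPath $($UtilityArgs -join ' ')"

$f0 = Get-FileSnapshot $FileRoots; $r0 = Get-RegSnapshot $RegRoots
Start-Process -FilePath $UtilityPath -ArgumentList $UtilityArgs -Wait -NoNewWindow
$f1 = Get-FileSnapshot $FileRoots; $r1 = Get-RegSnapshot $RegRoots

Compare-Snapshot $f0 $f1 'File'
Compare-Snapshot $r0 $r1 'Registry'
```

The diff also captures noise from the PowerShell session itself and from background activity, so run it on a quiet test VM and take a control run with no utility launched to separate the utility's own artifacts (the WILL list) from those that only sometimes appear (the MAY list).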