
Published on August 21st, 2016


SANS SIFT – NTUSER.DAT Forensics Challenge Walkthrough




Hello all, I decided I'd do a video on the forensics side of things before doing my next CTF/PentesterLab walkthrough. This one comes from CEIC 2015, a conference I'm not too familiar with. From what I understand, SANS came up with the challenge, and you can read Dan from 4n6k's writeup of it here:

http://www.4n6k.com/2015/05/forensics-quickie-ntuserdat-analysis.html

I decided I would do the same challenge, but try to use the SANS SIFT virtual machine to become more familiar with the tools it has baked in. So I did! SANS SIFT is downloadable here:

http://digital-forensics.sans.org/community/downloads

The first problem from the challenge was unfamiliar to me, so I used Regshot snapshots before and after my search to figure out the registry key I needed to look for. Regshot can be found here:

https://sourceforge.net/projects/regshot/

I did have to download another tool called reglookup, which you can find here:

https://github.com/ecbftw/reglookup
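The Regshot before/after trick above runs on a live Windows box. The same differential idea works offline on SIFT: dump a baseline copy of NTUSER.DAT and a post-action copy with reglookup, then diff the two dumps to see which keys and values changed. The script below is an added example written for this page, not code from the original post or from the reglookup project. It assumes reglookup's default CSV output (a `PATH,NAME,TYPE,VALUE,MTIME` header, one row per key or value, key rows with an empty NAME and a TYPE of `KEY`), which is what `reglookup before.dat > before.csv` writes. The two dumps embedded in it are constructed sample data, and the `/Software/Example/SearchHistory` key is hypothetical; with real hives you would feed it the two CSV files instead.

```python
"""Differential registry analysis over two reglookup dumps of NTUSER.DAT.

Added example, not from the original post. Assumes reglookup's default CSV
layout (PATH,NAME,TYPE,VALUE,MTIME). Both dumps below are constructed sample
data; the /Software/Example/SearchHistory key is hypothetical.
"""
import csv
import io
import sys

# Constructed "before" dump: the hive state prior to the user's action.
BEFORE = """\
PATH,NAME,TYPE,VALUE,MTIME
/Software/Microsoft/Windows/CurrentVersion/Explorer,,KEY,,2015-05-01 10:00:00
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,,KEY,,2015-05-01 10:00:00
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,MRUList,SZ,a,
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,a,SZ,cmd\\1,
"""

# Constructed "after" dump: a Run-dialog entry was added (RunMRU key mtime and
# MRUList change, value b appears) and a hypothetical search-history key was
# created with one value.
AFTER = """\
PATH,NAME,TYPE,VALUE,MTIME
/Software/Microsoft/Windows/CurrentVersion/Explorer,,KEY,,2015-05-01 10:00:00
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,,KEY,,2015-05-01 10:05:00
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,MRUList,SZ,ba,
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,a,SZ,cmd\\1,
/Software/Microsoft/Windows/CurrentVersion/Explorer/RunMRU,b,SZ,notepad\\1,
/Software/Example/SearchHistory,,KEY,,2015-05-01 10:05:00
/Software/Example/SearchHistory,0,SZ,quarterly report,
"""


def parse_dump(text):
    """Map (path, value-name) -> (type, data, mtime) for one reglookup dump.

    Key rows have an empty NAME, so the key itself is addressed as (path, "").
    """
    rows = csv.DictReader(io.StringIO(text))
    return {(r["PATH"], r["NAME"]): (r["TYPE"], r["VALUE"], r["MTIME"]) for r in rows}


def diff_dumps(before_text, after_text):
    """Return added, removed and modified (path, name) entries between two dumps."""
    before, after = parse_dump(before_text), parse_dump(after_text)
    return {
        "added": sorted(k for k in after if k not in before),
        "removed": sorted(k for k in before if k not in after),
        # A key row counts as modified when its last-write time moved, which is
        # exactly what happens when a value underneath it is written.
        "modified": sorted(k for k in after if k in before and after[k] != before[k]),
    }


def candidate_keys(report):
    """Collapse value-level changes to the key paths worth opening in a viewer."""
    return sorted({path for bucket in report.values() for path, _name in bucket})


def main(argv):
    # With two file arguments, diff real dumps; otherwise run on the sample data.
    if len(argv) == 3:
        with open(argv[1]) as f1, open(argv[2]) as f2:
            report = diff_dumps(f1.read(), f2.read())
    else:
        report = diff_dumps(BEFORE, AFTER)
    for bucket in ("added", "removed", "modified"):
        for path, name in report[bucket]:
            print(f"{bucket:<9}{path}  {name or '<key>'}")
    print("keys to inspect:")
    for path in candidate_keys(report):
        print("  " + path)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python3 regdiff.py before.csv after.csv` after dumping both hive copies with reglookup. The "keys to inspect" list is the same thing Regshot's report gives you, but produced from hive files, so it works on an evidence copy without booting the suspect system; once you know the key, the same reglookup path filter or Registry Explorer will show its contents.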

And finally, the GUI tool on the 4n6k blog is called Registry Explorer and can be found here:

https://ericzimmerman.github.io/

Until next time!
