Shellbag Forensics
https://www.ispeech.org/text.to.speech
As a continuation of the "Introduction to Windows Forensics" series, this video introduces Shellbags. Have you ever customized the folder view settings within any folder in Windows Explorer? This could be anything from changing the sort order, to changing the view type from icons, to list view, to detail view, changing what columns are visible, or even changing the size of the window. If so, when you’ve returned to that folder at a later date, you’ve probably seen that the customizations remained. That information is stored within “Shellbags”.
Why do we care about folder view settings, and how could this possibly be of forensic interest? Watch this video and find out!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
Introduction to Windows Forensics:
Shellbags Forensics: Addressing a Misconception:
http://www.4n6k.com/2013/12/shellbags-forensics-addressing.html
Forensic Analysis of Windows Shellbags:
https://www.magnetforensics.com/computer-forensics/forensic-analysis-of-windows-shellbags/
Windows ShellBag Parser:
https://www.tzworks.net/prototype_page.php?proto_id=14
Shellbags.py:
https://github.com/williballenthin/shellbags
ShellBags Explorer:
https://ericzimmerman.github.io/
Internet Evidence Finder (IEF):
https://www.magnetforensics.com/magnet-ief/
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
2018-01-01 15:02:45
source
Gloss