Windows SRUM Forensics

Рет қаралды 21,932

13Cubed

Күн бұрын

Пікірлер

@user-good_day_ 6 жыл бұрын

Thank you for greate SRUM tutorial

@glassfrog3 7 жыл бұрын

Thanks Richard for another great video. This is an artefact I wasn't actually familiar with so your explanations are very helpful! I will definitely take your advice and do some further research, thanks for the links

@mdyousufuddin 3 жыл бұрын

It was very useful. Excellent. Any video on Windows Sandbox Forensics

@13Cubed 3 жыл бұрын

Not yet - but that's on my suggestion list.

@jamiekomodo1751 4 жыл бұрын

OK video for general procedure. I have to say, though, that I can't see what is being typed in those dark screens with small fonts, and I'm on a desktop too -- not mobile device. I know I can just review the tools command line, but if you're going to be making demo videos and you have a high resolution screen, you might want to zoom in or make cmd window large enough to see. Just a suggestion.

@13Cubed 4 жыл бұрын

This is a very old episode. You'll find that the production quality has greatly increased for newer ones.

@CM-tw2oj 2 жыл бұрын

Change video res to HD and this issue is fixed.

@zelenko2064 4 жыл бұрын

how did you manage to put these files like "SAM" or "SYSTEM" please

@sean7949 3 жыл бұрын

FTK Imager

@samjohn1098 2 жыл бұрын

Nice one, quick question how do we identify to which IP or Domain name the nc.exe moved the data ?

@13Cubed 2 жыл бұрын

You'd have to grab that information from netstat, and match up the PID of the nc.exe process (assuming it's active at the time). Or, you could potentially extract that information from a memory capture of the machine with a Volatility plugin like netscan.

@TheMindfulEdge1 2 жыл бұрын

How do you convert the BytesOutBound to more readable format. e.g. Mb, Gb ?

@13Cubed 2 жыл бұрын

You could apply an Excel formula to divide the bytes by 1,048,576. This would convert it to MB, as that's the exact number of bytes in a megabyte.

@0Trance0 Жыл бұрын

Any idea what foreground CPU time is in? Is that seconds ?!?

@13Cubed Жыл бұрын

It's milliseconds (ms), as I recall.

@matteov.7072 6 жыл бұрын

Hi I use Windows 10, can you Explain to me why in all sheets my User SID are NONE?

@mouadzehari1724 Жыл бұрын

In my case i can simply copy paste the file (tested in Windows 10&11)

@robertboles7418 5 жыл бұрын

Nerd alert if you laughed out loud (1/2 point if you snorted,) at this spot. kzbin.info/www/bejne/i6ibn2eVpJJ4iq8 Ok. Ok. Guilty.

@cdielearn3710 Жыл бұрын

its very bad quality and not handy for study

@13Cubed Жыл бұрын

It's 2.5K QHD resolution with clear audio. Admittedly, the text isn't nearly big enough, but that was an earlier video and I was still learning the process. But, hey, thanks for the feedback!

@AlistairEwingforensic-services 7 ай бұрын

V Change the quality using the cog icon numbnuts; don't blame this guy for making free content.