Menu
Blog
Windows Forensics:
Cache Memory and History Analysis: IE:
Firefox: Md5 Hash
Pfirewall.log Windows Password: Active Directory - NTDS.DID – For a System is SAM (System Account Manager) File – System32 Config, Additional Copy in repair folder.
NTLM V2 is the latest version used by windows: Sigverif: Shows unsigned drivers
Comments are closed.
|
Mac Forensics
|