DFSP # 329 - Shellbags

Digital Forensic Survival Podcast - A podcast by Digital Forensic Survival Podcast - Martedì

Categorie:

This week is a back to basics episode where I cover Windows shell bags. This is a core Windows artifact that gets included in pretty much  every file use and knowledge investigation. Any investigation where you’re looking to tie a specific account to directory access activity. Like most Windows artifacts you must know how user interaction affects the artifact in order to properly interpreted as evidence and you must also be aware of any caveats or pitfalls that may affect your evidence. Spoiler alert, there is a huge one associated with Windows shell bags that I’ll cover at the end of the episode-it’s nothing new but if you’re unfamiliar with it you definitely need to know about it.

Visit the podcast's native language site