This month’s new module for the MCAS Windows Forensic Gatherer queries the Windows Security event log to gather information on the user’s logon and logoff activities, helping us to determine exactly when they were using the system.
In a previous post I began building a Python tool that gathers Windows forensic artefacts and parses them into a timeline. In that post I wrote a function that gathers Windows Prefetch application data – this time, let’s take a look at the Recycle Bin.
We’re making progress in training the next generation of cyber security professionals, but for young people to take that training and learn the right skills in the first place they need to be aware of the opportunities available to them in the industry.
Bit by bit, I’m going to build a Python tool to scrape a Windows system disk image for common forensic artefacts and build a CSV timeline from the evidence gathered. In this first post, I’ll parse and add the data stored in Windows Prefetch files.
As I mentioned in my recent post about what I learnt in my first year as a cyber security consultant, I always keep an ebook handy on my phone so I can learn something new on long train journeys. Most recently, this has been Threat Modeling: Designing for Security.