Thanks Richard for another great video. This is an artefact I wasn't actually familiar with so your explanations are very helpful! I will definitely take your advice and do some further research, thanks for the links
OK video for general procedure. I have to say, though, that I can't see what is being typed in those dark screens with small fonts, and I'm on a desktop too -- not mobile device. I know I can just review the tools command line, but if you're going to be making demo videos and you have a high resolution screen, you might want to zoom in or make cmd window large enough to see. Just a suggestion.
You'd have to grab that information from netstat, and match up the PID of the nc.exe process (assuming it's active at the time). Or, you could potentially extract that information from a memory capture of the machine with a Volatility plugin like netscan.
It's 2.5K QHD resolution with clear audio. Admittedly, the text isn't nearly big enough, but that was an earlier video and I was still learning the process. But, hey, thanks for the feedback!
Thank you for greate SRUM tutorial
It was very useful. Excellent. Any video on Windows Sandbox Forensics
Not yet - but that's on my suggestion list.
Thanks Richard for another great video. This is an artefact I wasn't actually familiar with so your explanations are very helpful! I will definitely take your advice and do some further research, thanks for the links
OK video for general procedure. I have to say, though, that I can't see what is being typed in those dark screens with small fonts, and I'm on a desktop too -- not mobile device. I know I can just review the tools command line, but if you're going to be making demo videos and you have a high resolution screen, you might want to zoom in or make cmd window large enough to see. Just a suggestion.
This is a very old episode. You'll find that the production quality has greatly increased for newer ones.
Change video res to HD and this issue is fixed.
how did you manage to put these files like "SAM" or "SYSTEM"
please
FTK Imager
Nice one, quick question how do we identify to which IP or Domain name the nc.exe moved the data ?
You'd have to grab that information from netstat, and match up the PID of the nc.exe process (assuming it's active at the time). Or, you could potentially extract that information from a memory capture of the machine with a Volatility plugin like netscan.
In my case i can simply copy paste the file (tested in Windows 10&11)
Any idea what foreground CPU time is in? Is that seconds ?!?
It's milliseconds (ms), as I recall.
How do you convert the BytesOutBound to more readable format. e.g. Mb, Gb ?
You could apply an Excel formula to divide the bytes by 1,048,576. This would convert it to MB, as that's the exact number of bytes in a megabyte.
Hi I use Windows 10, can you Explain to me why in all sheets my User SID are NONE?
Nerd alert if you laughed out loud (1/2 point if you snorted,) at this spot.
ruclips.net/video/Uw8n4_o-ETM/видео.html
Ok. Ok. Guilty.
its very bad quality and not handy for study
It's 2.5K QHD resolution with clear audio. Admittedly, the text isn't nearly big enough, but that was an earlier video and I was still learning the process. But, hey, thanks for the feedback!
V
Change the quality using the cog icon numbnuts; don't blame this guy for making free content.
i simply used ROBOCOPY to copy the file with the /B specified .
Interesting -- I had not tried that. Thanks for sharing!