Windows SRUM Forensics

  • Published: Dec 26, 2024

Comments • 23

  • @mdyousufuddin 3 years ago +3

    It was very useful. Excellent. Any video on Windows Sandbox Forensics?

    • @13Cubed 3 years ago

      Not yet - but that's on my suggestion list.

  • @user-good_day_ 6 years ago +3

    Thank you for the great SRUM tutorial

  • @glassfrog3 7 years ago

    Thanks Richard for another great video. This is an artefact I wasn't actually familiar with so your explanations are very helpful! I will definitely take your advice and do some further research, thanks for the links

  • @jamiekomodo1751 4 years ago +2

    OK video for general procedure. I have to say, though, that I can't see what is being typed in those dark screens with small fonts, and I'm on a desktop too -- not a mobile device. I know I can just review the tool's command line, but if you're going to be making demo videos and you have a high resolution screen, you might want to zoom in or make the cmd window large enough to see. Just a suggestion.

    • @13Cubed 4 years ago +1

      This is a very old episode. You'll find that the production quality has greatly increased for newer ones.

    • @CM-tw2oj 2 years ago +1

      Change video res to HD and this issue is fixed.

  • @zelenko2064 4 years ago

    how did you manage to put these files like "SAM" or "SYSTEM"
    please

    • @sean7949 3 years ago +1

      FTK Imager

  • @0Trance0 1 year ago

    Any idea what foreground CPU time is in? Is that seconds?!?

    • @13Cubed 1 year ago

      It's milliseconds (ms), as I recall.

  • @TheMindfulEdge1 2 years ago

    How do you convert the BytesOutBound to a more readable format, e.g. Mb, Gb?

    • @13Cubed 2 years ago

      You could apply an Excel formula to divide the bytes by 1,048,576. This would convert it to MB, as that's the exact number of bytes in a megabyte.

  • @samjohn1098 2 years ago

    Nice one. Quick question: how do we identify to which IP or domain name the nc.exe moved the data?

    • @13Cubed 2 years ago

      You'd have to grab that information from netstat, and match up the PID of the nc.exe process (assuming it's active at the time). Or, you could potentially extract that information from a memory capture of the machine with a Volatility plugin like netscan.

  • @matteov.7072 6 years ago

    Hi, I use Windows 10. Can you explain to me why in all sheets my User SID are NONE?

  • @mouadzehari1724 1 year ago +1

    In my case I can simply copy-paste the file (tested in Windows 10 & 11)

  • @robertboles7418 5 years ago

    Nerd alert if you laughed out loud (1/2 point if you snorted,) at this spot.
    ruclips.net/video/Uw8n4_o-ETM/видео.html
    Ok. Ok. Guilty.

  • @cdielearn3710 1 year ago

    It's very bad quality and not handy for study

    • @13Cubed 1 year ago

      It's 2.5K QHD resolution with clear audio. Admittedly, the text isn't nearly big enough, but that was an earlier video and I was still learning the process. But, hey, thanks for the feedback!

    • @AlistairEwingforensic-services 7 months ago

      V
      Change the quality using the cog icon numbnuts; don't blame this guy for making free content.

  • @tunivol6626 2 years ago +1

    I simply used ROBOCOPY to copy the file with the /B specified.

    • @13Cubed 2 years ago

      Interesting -- I had not tried that. Thanks for sharing!