Description: This is a remake of the video I uploaded earlier in the week, except now with sound.
This is the first in a series of videos on Digital Forensic Examinations.
Episode One will show a quick and dirty attack on a machine that will leave lots of stuff for us to look at in the next episode.
I hope you enjoy.
Please leave comments, good or bad. I will read them all.
Tags: forensics, hacking, windows, evidence, series
Great video, well done. Looking forward to seeing the next ones :-)
Excellent video, I love the good old Utilman/cmd switch, classic. Does it still work? You would think Microsoft would have some sort of MD5/Size check on that exe as it’s a good target for hackers. Anyway love the video will be watching this whole series. Good work and well done.
Great Job! I'll be here waiting for your next ones as well. ;)
I really liked the video! Will be watching the whole series.
Love the video, looking forward to the series!
It will be more interesting if you make a video which describes how to bypass the EFS (Encrypted File System).
Keep going...!
Nice, thanks a lot mate for remaking this video.
Looking forward to watching your primer.
Awesome! Had approved the video, but only got a chance to see right now.
I think your accent is pretty cool! and I had no problem at all. I think you came across quite clearly.
Looking forward to the next video! Can't wait to see how you reverse the hacker's activity :)
5hark5ter: Hey!! Good one... Thank you for your time.
Yes...absolutely....more!
I'd like to see a whole series on this subject.
As a side note, in the U.S. a call to the police *may* do some good but usually they're not interested. Even at the ISP I work for, they are rarely interested. Only if we find something really interesting will they send someone over. For the average user, we tell them to wipe the machine and start over (and this time patch and protect it).
Good video man, and we are waiting cuz you know we need to cover our ***, just can't wait man.
fantastic job keep it up.
Thank you for taking the time to create this video with sound.
I'm astonished that the Utilman trick still works with Windows 7. Didier Stevens (http://blog.didierstevens.com/) did a number of articles a couple of years ago where he created bespoke executables that were planted to respond to Win-U. They did much the same as what you did manually using <net user="" ...="">. He has also covered WFP and how to get around it and change the list of protected files.
I've taken an interest in digital forensics and would recommend Harlan Carvey's books as well as his blog (http://windowsir.blogspot.com/). Finally, it's interesting how tools such as EnCase have almost made professional analysts become skiddies! I don't mean this to be an insult but, in the video, you said something like "I'll have to remember how to do everything manually", implying that analysts simply fire up the very costly software, which does its thing and spews out lots of interesting data.
Oops, I don't know where the additional data after net user came from in my last post!
Great video!
Very good video, I'm very curious how the next one will turn out.
Great! Thanks.
This is a great video, thank you for sharing more education in the computer world. I feel we can never learn enough, and I am always trying to learn new things, pentesting etc.
Thanks, great video. Thank you very much
Thanks :) 5hark5ter, awesome video, waiting for the next one ;)
please keep the series up :) it looks like it'll be a good series
We all eagerly await the next video :)
Hi everyone. Sorry for the delay in posting the second video. At the moment I am sick with chicken pox! However, the video is all planned out and should be with you by the weekend.
As soon as I am feeling better, I will respond to each of your kind comments.
Again, sorry for the delay. I'm itching to get going again (pun most definitely intended).
@5hark5ter Sorry to hear that my friend.
Hope you get better soon! Wish you a quick recovery.
hey 5hark5ter we definitely want more. Get well soon man. Damn chicken pox!!! I so hate you.
5hark5ter. Great vid. Really enjoyed it. Can't wait for the next one. Keep up the awesome work. Hope you're feeling better soon.
Hope you feel better mate, watched the video there, enjoyed it and looking forward to the rest.
Your dog looks cracking as well mate
Well done! Computer forensics is a great topic... I was going to ask vivek sir to start a megaprimer on this topic. :P
Thanks, looking forward to your next video
Hi everyone. Sorry for the delay in the next video. I am finally feeling better, however I will be returning to work in the morning and will probably have lots of work to catch up on.
The next video will be up and running on Saturday.
Thanks
@Acebond - I've been discussing this with srhnz on the other video I posted. For some reason, MS have let this back into the loop. It works again on Windows 7 Ultimate. Weird.
@WCNA - I'll be covering the ACPO guidelines in the next video. These are the guidelines we adhere to in the UK. They're not law, but if you don't follow them during a forensic examination, you might as well not bother doing the work at all.
@toms12 - Ha ha. Well, I dunno about showing you how to cover your ***! Should help you work out how to make yourself safer though!
@Ignatius - Thanks for your comments and links. Harlan's pretty-much like a God of forensics. Definitely a good source of information on forensics. I really hope these videos keep your interest in forensics and that they help you develop in this field.
@OBJBOX35 - Thanks very much, mate. She's an awesome dog.
To everyone else, thanks for the thanks and the encouraging words. Next video coming on the weekend.
Just so you all know, the video (or videos, if it gets too long) will cover the acquisition of digital evidence and the processes that we need to follow to make sure our evidence is acceptable in Court, etc. It may be a bit dry, however it is very important, especially if you're looking to do work in this area.
Looking forward to bringing it to you on Saturday.
Take care, everyone.
Am currently studying forensics in university, please post as many videos as you can :)
Am I correct in thinking you're Welsh?
Keep up the good work :)
@LordJonesIII - thanks, glad you're enjoying. Which university are you studying at?
And, yes, you'd be correct in guessing I am Welsh!
@5hark5ter - I'm studying at Glamorgan University, and am a valley boy :)
Great video...really interested in this!
@LordJonesIII - I was considering doing an MSc in Forensics there last year. You based in Ponty or Llanelli? I live in Swansea.
@hackfupanda - Again, thanks for your comments, mate. I hope you enjoy the rest of the series I'm putting together.