Windows ShellBag Forensics null Mumbai Meet 11 July 2015 Null/OWASP Monthly Meet
Abstract
The problem of identifying when and which folders a user accessed arises often in digital forensics. Forensicators attempt to search for them in the ShellBags information because it may contain registry keys that indicate which folders the user accessed in the past. Their timestamps may demonstrate when the user
accessed them While shellbags have been available since Windows XP, they have only recently become a popular artifact as examiners are beginning to realize their potential value to an investigation. In a nutshell, shellbags help track views, sizes and positions of a folder window when viewed through Windows Explorer; this includes network folders and removable devices.
Speaker
Security / Forensic Consultant
Timing
Starts at Saturday July 11 2015, 11:46 AM. The sessions runs for 39 minutes.