Windows 10 DFIR and InfoSec Challenges

Windows 10 DFIR and InfoSec Challenges

BSidesLV via YouTube Direct link

Swapfile.sys

19 of 22

19 of 22

Swapfile.sys

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Windows 10 DFIR and InfoSec Challenges

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Windows 10 is the LAST Version of Windows
  3. 3 Windows as a Service (WAAS) Definitions
  4. 4 ActivitiesCache.db
  5. 5 System Resource Usage Monitor (SRUM)
  6. 6 Tracking Artifacts of Program Execution
  7. 7 Signed Driver Enforcement
  8. 8 Virtual Secure Mode (VSM/VBS)
  9. 9 Credential Isolation
  10. 10 CG Prevents Cached Credential Harvesting
  11. 11 VSM and Acquisition Tools
  12. 12 Required Setup for Testing Acquisition Tools
  13. 13 Hibernation Files
  14. 14 Modern Hiberation Files Pain
  15. 15 Gathering Encryption Keys
  16. 16 Analysis without Encryption Keys
  17. 17 Memory Compression Challenges
  18. 18 Memory Compression Analysis
  19. 19 Swapfile.sys
  20. 20 Encrypted KDBG & Volatility Starting with Windows the critical KOBG structure is encrypted in memory
  21. 21 Volatility Underscore Profiles
  22. 22 Questions/Comments?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.