Putting Together the RDPiece

BasisTech via YouTube

Overview

Explore the intricacies of ransomware investigations and the often-overlooked RDP Bitmap Cache artifact in this 35-minute conference talk from OSDFCon 2020. Learn how to piece together crucial information about attacker activities, even after cleanup attempts, using the RDPiece tool. Gain insights into extracting and analyzing RDP Bitmap Cache data, understanding its significance in digital forensics, and leveraging PowerShell scripts for efficient investigation. Discover how this underutilized artifact can provide answers to key questions about system access, data exfiltration, and attacker behavior. Benefit from Brian Moran's extensive experience in digital forensics and incident response as he shares his expertise on this evolving field.

Syllabus

Introduction
Title
Topics
Who am I
D for Fit
What is RDP
Why is RDP important
How I got interested in RDP
What is the RDP Bitmap Cache
What is the RDPiece
Location of the files
Cache
Resources
OSDFCon
Extract RDPiece Data
PowerShell
Folder Structure
Reorganizing
Math
Starting from scratch
Image Magic
Putting Pieces Together
Generating Data
Script Overview
Test Results
Saving Images
Output
It's not perfect
Open Source
Download Script
Heather
Questions

Taught by

BasisTech
