Shell Items, Eventlogs, Forensics
- Hortense Lee
- 6 years ago
Transcription
1 Shell Items, Eventlogs, Forensics (Georgi Nikolov)
2 Shell Items
3 What are shell items? Figure 1:
4 Shell Items Overview
- Data or file holding information for accessing another file
- Serves as a pointer to a file/program/folder
- Attributes:
  - Type of drive the target is on
  - Path of target file
  - Target metadata
5 Recent Documents Remember the recent documents we saw catalogued in the registry? Figure 2: Do you remember?
6 Recent Documents Shortcut Files (.lnk)
- LNK files are automatically created by Windows in the Recent folder: Users\<user>\AppData\Roaming\Microsoft\Windows\Recent
- Opening a non-executable file generates TWO link files:
  - One link file for the target file
  - One link file for the parent folder of the target file
7 Recent Documents Shortcut Files (.lnk) (cont.)
- Link file points to:
  - Target file MAC times
  - Volume information (name, type, volume serial number)
  - Fixed, removable or network target
  - Original path and location
- Each link file has:
  - The time and date the link file was created
  - The time and date the link file was last modified
8 Recent Documents Shortcut Files (.lnk) (cont.)
- In Win8/8.1 and later, URL link files are created when a website is accessed via:
  - The Run dialog
  - The Windows search charm
  - A lnk file
  - A link in an application
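Added example (not part of the original slides): a minimal Python reader for the .lnk fields listed on slide 7, following the published Shell Link (MS-SHLLINK) binary layout. The sample link is constructed in `build_sample_lnk`; its path, volume label and serial number are made up, and Unicode volume labels are not decoded.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2          # LinkFlags bits
DRIVE_TYPES = {0: "unknown", 1: "no root dir", 2: "removable", 3: "fixed",
               4: "network", 5: "cd-rom", 6: "ram disk"}


def filetime_to_dt(ft):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means not set."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10) if ft else None


def cstr(buf, off):
    """Read a NUL-terminated ANSI string that starts at offset off."""
    return buf[off:buf.index(b"\x00", off)].decode("cp1252", "replace")


def parse_lnk(data):
    """Return target MAC times, volume information and original path."""
    if len(data) < 76:
        raise ValueError("too short for a ShellLinkHeader")
    size, clsid, flags, _attrs, ctime, atime, wtime, fsize = struct.unpack_from(
        "<I16sIIQQQI", data, 0)
    if size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a shell link file")
    # These are the TARGET's times as recorded inside the link. The .lnk file's
    # own file system timestamps (slide 7, second list) are a separate source.
    info = {"target_created": filetime_to_dt(ctime),
            "target_accessed": filetime_to_dt(atime),
            "target_modified": filetime_to_dt(wtime),
            "target_size": fsize}
    off = 76
    if flags & HAS_ID_LIST:                     # skip the LinkTargetIDList
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:
        li_size, _hdr, li_flags, vol_off, path_off = struct.unpack_from("<5I", data, off)
        li = data[off:off + li_size]
        if li_flags & 0x1:                      # VolumeIDAndLocalBasePath
            _vsize, dtype, serial, label_off = struct.unpack_from("<4I", li, vol_off)
            info["drive_type"] = DRIVE_TYPES.get(dtype, "unknown")
            info["volume_serial"] = f"{serial >> 16:04X}-{serial & 0xFFFF:04X}"
            # 0x14 signals a Unicode label, which this example does not decode.
            info["volume_label"] = (None if label_off == 0x14
                                    else cstr(li, vol_off + label_off))
            info["target_path"] = cstr(li, path_off)
    return info


def build_sample_lnk():
    """Constructed sample: a link to a spreadsheet on a removable volume."""
    def ft(dt):
        d = dt - EPOCH_1601
        return (d.days * 86400 + d.seconds) * 10**7 + d.microseconds * 10

    created = datetime(2018, 3, 1, 9, 15, 0, tzinfo=timezone.utc)
    accessed = datetime(2018, 3, 1, 9, 20, 30, tzinfo=timezone.utc)
    written = datetime(2018, 3, 1, 9, 20, 30, tzinfo=timezone.utc)
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, HAS_LINK_INFO, 0x20,
                         ft(created), ft(accessed), ft(written), 20480,
                         0, 1, 0, 0, 0, 0)
    label = b"USB_STICK\x00"
    volume_id = struct.pack("<4I", 16 + len(label), 2, 0x1A2B3C4D, 0x10) + label
    path = b"E:\\reports\\q3.xlsx\x00"
    path_off = 0x1C + len(volume_id)
    total = path_off + len(path) + 1
    link_info = struct.pack("<7I", total, 0x1C, 0x1, 0x1C, path_off, 0,
                            path_off + len(path)) + volume_id + path + b"\x00"
    return header + link_info


if __name__ == "__main__":
    for key, value in parse_lnk(build_sample_lnk()).items():
        print(f"{key:16} {value}")
```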
9 Jump Lists Figure 3: A list of previously visited items/locations
10 Win7 - Win10 Jump Lists
- Right-click on a program or task
- Lists of recently accessed items/files a user can jump to
- Items may be present in the list even after being deleted
11 Automatic Destinations
- Location: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
- Contains a list of applications sorted by AppID
- Files have:
  - Creation Time = first time an item was added to the AppID file (first time of execution of the application with the file open)
  - Modification Time = last time an item was added to the AppID file (last time of execution of the application with the file open)
12 AppIDs
- Each application has unique identifiers, but they are not unique to the system
- Unique identifiers are universal across all Windows systems (table of AppIDs matched to applications)
13 Tracking Folder/Directory Usage: Win7-Win10 Shellbags
- Shellbags contain information about accessed folders
- Windows uses the Shellbag keys to store preferences for the GUI folder display
- User activity can be tracked by examining which folders have been accessed
- Shellbags can also contain information about files in the accessed folders
14 Event Log Analysis
15 Windows Events
- Centralized recording of information about:
  - Software
  - Hardware
  - Operating system functions
  - Security
- Multiple events comprise an event log
16 A collection of Event logs Figure 4:
17 Event Log Analysis
- What happened?
- When did it happen?
- What user was involved?
- What systems were involved?
- Which resources were accessed?
18 Event Log Definition
- Any significant occurrence in the system or in a program that requires users to be notified, or an entry added to a log [1]
19 Where to find the event logs
- In Windows NT/2000/XP/Server 2003:
  - first logs introduced in NT 3.1 in 1993
  - *.evt file format
  - %systemroot%\system32\config
  - Files: SecEvent.evt, AppEvent.evt, SysEvent.evt
- In Windows Vista/7-10/2008/2012/2016:
  - *.evtx file format
  - %systemroot%\system32\winevt\logs
  - Remote log server
  - Files: Security.evtx, Application.evtx, System.evtx
20 Where to find the event logs (cont.)
- Event log locations can be retrieved from the registry:
  - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
  - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System
  - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security
21 How event logs work
- Logs are implemented using a circular buffer
  - The buffer loops around
  - Eventually the oldest entries are overwritten by the newest ones
- In previous versions logs are stored locally
- In newer versions logs can be sent to remote servers
- (!) Important to remember to check external servers
22 *.evtx Log File format
- Memory efficiency, less costly to log
- XML format good for filtering
- Improved messaging
- Expanded number of event logs
23 Types of Event logs
- Security: access control and security settings information; events based on audit and group policies
- System: events related to Windows services, drivers, resources, etc.
- Application: software events unrelated to OS
- Custom: custom application logs
24 Extra types of Event logs
- Directory Service: standard on domain controllers; records events logged by Active Directory and its related services
- File Replication Service: standard on domain controllers; records updates between the domain controller infrastructure
- DNS Server: standard on servers running the DNS service; records DNS administrative information (zone management, start/stop of DNS service)
25 Applications and Services Logs
- Introduction of the new format opens the way to more specialised event logs
- In addition to Application, System and Security, over 60 other event log types
- Specialised logs go further back in time than the 3 major event logs
- New logs can be broken into three categories:
  - Setup: identifies what Windows security updates, patches and hotfixes have been added to the system
  - Forwarded Events: Windows Collection Service is responsible for collecting logs from remote systems to a collector system
  - Applications and Services: comprises the new custom logs introduced in newer versions of Windows
26 Applications and Services Logs (cont.) Figure 5:
27 Security logs
- Most commonly reviewed in forensic analysis
- Failure and success can be audited
- Only updated by the LSASS process
- Security logs record: Account Logon, Account Management, Directory Services, Logon Events, Object Access, Policy Change, Privilege Use, Process Tracking, System Events
28 What is Recorded?
- Account Logon
- Account Mgmt
- Directory Service
- Logon Events
- Object Access
- Policy Change
- Privilege Use
- Process Tracking
- System Events
29 Event Types
- Error: significant problem occurred: loss of data or functionality
- Warning: not a significant problem, may indicate a future problem
- Information: successful operation of application, driver or service
- Success audit: audited security event completed successfully
- Failure audit: audited security event completed unsuccessfully
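Added example (not part of the original slides): a Python sketch that takes Security events in the XML form the *.evtx format renders to, answers the slide 17 questions per event, and flags accounts where several failure audits from one source are followed by a success audit. The events are constructed; event IDs 4625 (failed logon) and 4624 (successful logon), the field names, the host name and the addresses are assumptions of the example, not values from the slides.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000   # Keywords bit set on failure audits
AUDIT_SUCCESS = 0x0020000000000000   # Keywords bit set on success audits


def _event(event_id, keywords, when, user, ip):
    """Build one constructed Security event in the exported XML layout."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Keywords>{keywords:#018x}</Keywords>'
            f'<TimeCreated SystemTime="{when}"/><Channel>Security</Channel>'
            f'<Computer>WS01.corp.example</Computer></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')


FAIL, OK = 0x8010000000000000, 0x8020000000000000
SAMPLE_XML = "<Events>" + "".join([      # constructed sample, not real log data
    _event(4625, FAIL, "2018-03-01T09:15:02.000Z", "jdoe", "192.0.2.57"),
    _event(4625, FAIL, "2018-03-01T09:15:04.000Z", "jdoe", "192.0.2.57"),
    _event(4625, FAIL, "2018-03-01T09:15:07.000Z", "jdoe", "192.0.2.57"),
    _event(4624, OK, "2018-03-01T09:15:11.000Z", "jdoe", "192.0.2.57"),
    _event(4624, OK, "2018-03-01T09:20:00.000Z", "asmith", "192.0.2.10"),
]) + "</Events>"


def parse_events(xml_text):
    """One row per event: what, when, where, who, source, audit result."""
    rows = []
    for ev in ET.fromstring(xml_text).iter(f'{{{NS["e"]}}}Event'):
        kw = int(ev.findtext("e:System/e:Keywords", "0x0", NS), 16)
        data = {d.get("Name"): d.text or ""
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        rows.append({
            "what": int(ev.findtext("e:System/e:EventID", "0", NS)),
            "when": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
            "where": ev.findtext("e:System/e:Computer", "", NS),
            "who": data.get("TargetUserName", ""),
            "source": data.get("IpAddress", ""),
            "audit": ("failure" if kw & AUDIT_FAILURE
                      else "success" if kw & AUDIT_SUCCESS else "n/a"),
        })
    # ISO 8601 UTC timestamps sort correctly as plain strings.
    return sorted(rows, key=lambda r: r["when"])


def failed_then_success(rows, threshold=3):
    """(user, source) pairs with >= threshold failure audits, then a success."""
    fails, hits = defaultdict(int), []
    for r in rows:
        key = (r["who"], r["source"])
        if r["audit"] == "failure":
            fails[key] += 1
        elif r["audit"] == "success":
            if fails[key] >= threshold and key not in hits:
                hits.append(key)
            fails[key] = 0               # a success resets the failure streak
    return hits


if __name__ == "__main__":
    events = parse_events(SAMPLE_XML)
    for row in events:
        print(row)
    print("review:", failed_then_success(events))
```

Because the log is a circular buffer (slide 21), a missing failure streak does not prove there was none; compare against any remote log server copy.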
30 Emails
31 Email Forensics Figure 6:
32 Why do we need Email Forensics?
- High amount of phishing attacks
- Users have low understanding of security measures
- Can contain user-specific information
- Insight into what events happened
33 Have you been pwned? Figure 7:
34 Important questions
- Where are the files stored? e.g. host-based, servers, cloud-based, mobile
- How to acquire them?
- What information can we find?
35 Where are the files stored
- Host-based emails
  - data stored on local machine
  - locally stored emails almost always associated with an email client
  - potentially password protected
  - deleted archives
36 Local email clients
- Microsoft Outlook
- Mozilla Thunderbird
- Information about the email client is stored in the registry: NTUSER.DAT\Unreadmail
37 Microsoft Outlook
- File extension: *.pst
- Archive stored by default in (can be quite big): %USER%\AppData\Local\Microsoft\Outlook
- Data about client stored in registry
- Encryption/obfuscation enabled by default
38 Mozilla Thunderbird
- File extension: *.mbox
- Archive stored by default in (can be quite big): %USER%\AppData\Roaming\Thunderbird\Profiles\<Profile name>\
- Data about client stored in registry
- Encryption/obfuscation enabled by default
39 How to acquire the data
- Microsoft Outlook (cont.)
  - Use of dedicated tools to parse the *.pst files
  - readpst - transforms PST files to MBOX
  - pffexport - extracts PST files to readable format
- Mozilla Thunderbird (cont.)
  - Emails stored in MIME format
  - Emails can be accessed easily through the user's profile folder
40 What information can we find?
- Who sent the email?
  - Email address
  - IP address
  - Contextual clues
- When was it sent?
  - Header date and time
  - Mail server timestamps
41 What information can we find? (cont.)
- Where was it sent from?
  - IP address/ISP
  - Geo-location
  - Mail server domain
  - Message ID
- Is there relevant content?
  - Message body
  - Attachments
  - Address book
  - Calendar entries
42 What information can we find? (cont.) Figure 8:
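Added example (not part of the original slides): a Python sketch that pulls the who / when / where items of slides 40 and 41 out of one MIME message, such as a message taken from an MBOX produced by readpst. The message in `RAW` is constructed; all addresses, host names and IDs in it are made up.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message; the newest Received header is at the top.
RAW = """\
Received: from mail.sender.example (mail.sender.example [198.51.100.25])
\tby mx.recipient.example with ESMTPS id abc123;
\tThu, 1 Mar 2018 09:15:09 +0000
Received: from [192.0.2.44] (helo=laptop)
\tby mail.sender.example with ESMTPSA id xyz789;
\tThu, 1 Mar 2018 09:15:03 +0000
From: "Alice Example" <alice@sender.example>
To: bob@recipient.example
Subject: Quarterly report
Date: Thu, 1 Mar 2018 09:15:00 +0000
Message-ID: <20180301091500.1234@sender.example>

Please find the report attached.
"""


def _date(text):
    """Parse an RFC 5322 date; return None when it is missing or malformed."""
    try:
        return parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None


def received_hops(msg):
    """Received headers, oldest hop first (each server prepends its own)."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Unfold the header, then split the route from the trailing timestamp.
        route, _, stamp = " ".join(value.split()).rpartition(";")
        by = re.search(r"\bby\s+(\S+)", route)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route)
        hops.append({"by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None,
                     "time": _date(stamp)})
    return hops


def summarize(raw):
    """Collect sender, timing and routing facts from one raw message."""
    msg = message_from_string(raw)
    hops = received_hops(msg)
    sent = _date(msg.get("Date", ""))
    first = hops[0]["time"] if hops else None
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "message_id": (msg.get("Message-ID") or "").strip(),
        "header_date": sent,
        "origin_ip": next((h["ip"] for h in hops if h["ip"]), None),
        "hops": hops,
        # The Date header is written by the sending client; the gap to the
        # first mail server timestamp shows whether the two agree.
        "skew_seconds": (first - sent).total_seconds() if sent and first else None,
    }


if __name__ == "__main__":
    for key, value in summarize(RAW).items():
        print(f"{key:13} {value}")
```

Received lines added before the first server you trust are supplied by the sending side, so treat the earliest hop and its IP address as a lead to corroborate, not as a fact.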
43 Review major forensic principles
1. Review installed applications
2. Locate and acquire local archives
3. Identify and export the mailboxes
4. Process and review using forensic tools
5. Export relevant files from archive
More informationMicrosoft Office User Manual 2007 Pack 2 Process
Microsoft Office User Manual 2007 Pack 2 Process The Microsoft Office Configuration Analyzer Tool (OffCAT) 2.0 provides a quick Service Pack 3 provides the latest updates to the 2007 Microsoft Office Suite.
More informationWindows Server 2003 Network Administration Goals
Objectives Differentiate between the different editions of Windows Server 2003 Explain Windows Server 2003 network models and server roles Identify concepts relating to Windows Server 2003 network management
More informationWinCCU Service Pack 6.04
WinCCU Service Pack 6.04 Warning!!!!!! This WinCCU 6.04 product update is intended to be used with WinCCU32 6.0 or newer software. Do not attempt to update an older version (WinCCU 5.28 or older) of WinCCU.
More informationOffice365 End User Training & Self-Service Migration Manual
Office365 End User Training & Self-Service Migration Manual Version 1.0 University Systems and Security 5/25/2016 1 P a g e Table of Contents 2 P a g e Table of Contents Introduction to Office365... 4
More informationComputer Forensics CCIC Training
Computer Forensics CCIC Training Chapter 6: Recent Files Lauren Pixley and Cassidy Elwell May 2017 (Version 1) This work by California Cyber Training Complex is licensed under a Creative Commons Attribution-NonCommercial
More informationOffice365 End User Training & Self-Service Migration Manual Simplified
Office365 End User Training & Self-Service Migration Manual Simplified Version 1.0 University Systems and Security 5/25/2016 1 P a g e Table of Contents 2 P a g e Table of Contents Introduction to Office365...
More informationBackupVault Desktop & Laptop Edition. USER MANUAL For Microsoft Windows
BackupVault Desktop & Laptop Edition USER MANUAL For Microsoft Windows Copyright Notice & Proprietary Information Blueraq Networks Ltd, 2017. All rights reserved. Trademarks - Microsoft, Windows, Microsoft
More information