Shell items, More than Meets the Eye
Join SANS webcast with David Cowen on Monday, May 16, 2016 at 1:00 PM EDT (17:00:00 UTC).
Here is its overview:
Its time to revisit everyones favorite windows forensic resources; shell items. Whether you like to look at them as lnk files, jumplists, shell bags or registry entries they are everywhere. In recent years and in recent versions of Windows we keep finding more data within shell items we can use to make even more correlations and find more evidence! Tune in to see new research, tools and analysis you can use to take your case farther today.