Greetings from the antipodes!

I am currently compiling a list of key files to examine when performing forensic analysis on MS-based operating systems and common applications. Examples are:

INFO files - These are Recycle Bin history records. They can be recovered and analysed using EnCase and Data Sniffer. Provides information on files sent to the Recycle Bin.

Secevent.evt, Sysevent.evt, Appevent.evt - Win2K event logs. If deleted, they can be recovered using EnCase EScript or Data Sniffer. They can be opened using the W2K Event Viewer. They provide security, system and application event information on W2K and NT systems.

If you can point me in the direction of an existing resource I would be most grateful. If you can provide me with information on any other files, then I will gladly share the completed list with you in PDF when it is complete!

Regards
Cameron Farquhar

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
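As an added illustration of what the Recycle Bin records in the post actually hold (this is example code, not part of Cameron's post or of EnCase/Data Sniffer): a small parser for the Windows 2000 INFO2 layout, run over a sample file constructed inline. The 20-byte header with record size 800 (ANSI path, index, drive number, FILETIME, physical size, Unicode path) is the layout as I know it; the 280-byte ANSI-only variant for older INFO files, the sample paths and timestamps, and the lowercase bin-file naming (Dc1.doc) are assumptions made for the example.

```python
"""Parse Windows 2000 Recycle Bin INFO2 records and recover the original paths.

Example code for the forensics list; sample data is constructed below.
"""
import struct
from datetime import datetime, timedelta, timezone

HEADER_LEN = 20
RECORD_LEN_UNICODE = 800   # Windows 2000 INFO2: ANSI path + Unicode path
RECORD_LEN_ANSI = 280      # assumed older INFO layout: ANSI path only
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME is 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_info2(data):
    """Return one dict per record; tolerates a truncated trailing record."""
    if len(data) < HEADER_LEN:
        raise ValueError("too short for an INFO2 header")
    version, _, _, record_len, _total = struct.unpack_from("<5I", data, 0)
    if record_len not in (RECORD_LEN_ANSI, RECORD_LEN_UNICODE):
        raise ValueError(f"unexpected record size {record_len} (version {version})")
    records = []
    offset = HEADER_LEN
    while offset + record_len <= len(data):
        rec = data[offset:offset + record_len]
        # Record fields: 260 bytes ANSI path, then index, drive, FILETIME, size.
        ansi_path = rec[:260].split(b"\x00", 1)[0].decode("cp1252", "replace")
        index, drive, ft, size = struct.unpack_from("<IIQI", rec, 260)
        if record_len == RECORD_LEN_UNICODE:
            uni = rec[280:800].decode("utf-16-le", "replace").split("\x00", 1)[0]
            path = uni or ansi_path
        else:
            path = ansi_path
        drive_letter = chr(ord("A") + drive)
        ext = path[path.rfind("."):] if "." in path.rsplit("\\", 1)[-1] else ""
        records.append({
            "index": index,
            "drive": drive_letter,
            "path": path,
            "bin_name": f"D{drive_letter.lower()}{index}{ext}",  # name inside RECYCLER
            "deleted_at": filetime_to_datetime(ft),
            "size": size,
            # First ANSI byte is zeroed once the item is restored or the bin emptied;
            # the Unicode copy still carries the path, so the record stays recoverable.
            "active": rec[0] != 0,
        })
        offset += record_len
    return records


def build_record(path, index, drive, deleted_at, size, active=True):
    """Constructed INFO2 record (800 bytes) for the sample below."""
    rec = bytearray(RECORD_LEN_UNICODE)
    a = path.encode("cp1252")
    rec[:len(a)] = a
    if not active:
        rec[0] = 0
    struct.pack_into("<IIQI", rec, 260, index, drive, datetime_to_filetime(deleted_at), size)
    u = path.encode("utf-16-le")
    rec[280:280 + len(u)] = u
    return bytes(rec)


# Constructed sample: header (version 5, record size 800) plus two records.
SAMPLE_INFO2 = (
    struct.pack("<5I", 5, 0, 0, RECORD_LEN_UNICODE, 0)
    + build_record(r"C:\Documents and Settings\cameron\My Documents\plan.doc", 1, 2,
                   datetime(2001, 7, 16, 22, 15, 0, tzinfo=timezone.utc), 24576)
    + build_record(r"D:\logs\secevent.evt", 2, 3,
                   datetime(2001, 7, 17, 9, 30, 0, tzinfo=timezone.utc), 65536, active=False)
)


def sample_records():
    return parse_info2(SAMPLE_INFO2)


if __name__ == "__main__":
    for r in sample_records():
        flag = "" if r["active"] else " (purged from bin)"
        print(f'{r["deleted_at"]:%Y-%m-%d %H:%M:%S} {r["bin_name"]:<10} {r["path"]}{flag}')
```

The same parser works on a real INFO2 carved out of RECYCLER\<SID>\ with EnCase; the point for a timeline is that the deletion FILETIME and the original path survive even for entries whose ANSI path byte has been zeroed.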
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 10:35:06 PDT