FOR‐230 - Foren-Ken/tech-journal GitHub Wiki
Why FOR-230?
FOR-230 focuses on a more manual analysis of artifacts (beyond automated tools like Autopsy, Axiom, and Oxygen). These skills provide a greater understanding of the inner workings of the Windows 10 and 11 operating systems. They can be translated into artifact hunting, a future endeavor I'm interested in.
| Module | Topic | Deliverable |
|---|---|---|
| 0 | Pre-Lab | Eric Zimmerman Tools |
| 1 | Introduction to Recycling Bin Forensics | Recycling Bin Forensics |
| 2 | File Operations | File System Operations (Timestamps) |
| 3 | Prefetch | Prefetch Files |
| 4 | LNK Files | LNK File Forensic Value |
| 5 | JumpLists | JumpList Files |
| 6 | Thumbcache | Thumbcache Files |
| 7 | Windows Registry | Windows Registry Basics, Program Execution Traces, Registry Basic Locations |