Clear, concise, and easy to grasp. If you aren't a teacher by profession, you should be. Subbed. 👍 Would love to see you do a video picking apart Windows 10 OEM Telemetry structures.
MACB timestamps for executables of target files aren't included when lnk files are parsed by the tool and output saved to csv file, it would add more valuable artifacts. Thank you for your efforts, the videos are really incredible.
Hey it would be really helpful if you can give quick guidance on SIDS role along access token ... ex ... which sid is used by domain admin and how do we detect other user information. All of above video's are extremely helpful and very well explained. Thank you .. please if you can provide your email address will be really helpful to contact you...
26 minutes and I learn more here then I do in a 3 hour lecture... You're a great teacher, thank you
I really appreciate you making these videos. Every time I watch your videos I find out about tools I didn't know about.
No thank you for thanking your time to make this important knowledge available to the people!!!☺
Clear, concise, and easy to grasp. If you aren't a teacher by profession, you should be. Subbed. 👍
Would love to see you do a video picking apart Windows 10 OEM Telemetry structures.
Good, factual, easy to understand and practical!
Excellent presentation. Well organized and informative. Thank you so much.
MACB timestamps for executables of target files aren't included when lnk files are parsed by the tool and output saved to csv file, it would add more valuable artifacts. Thank you for your efforts, the videos are really incredible.
in 3:38 what was he saying _____ Program? Thank you!
"...documents associated with a particular program..."
Very helpful and informative.
great video you rock!
What did you mean when you mentioned "*lnk" in ftk imager? Can you do wildcard searches within Imager?
You can create a Custom Content Image and specify Custom Content Sources based upon wildcards, whereby you could add *.lnk, *.pf, etc.
@@13Cubed hmm, I'll see if I can figure that out. I've done custom content images plenty but never thought I could modify beyond choosing the path
thank you!!!
Gold
Hey it would be really helpful if you can give quick guidance on SIDS role along access token ... ex ... which sid is used by domain admin and how do we detect other user information. All of above video's are extremely helpful and very well explained. Thank you .. please if you can provide your email address will be really helpful to contact you...