openVPN
•openVPN Client ist auf dem Rechner installiert
•Binaries und Konfig. unter
C:\Program Files\OpenVPN
•\Bin Binaries
•GUI
•Libraries
•Openvpn Client und Server
SVA Modul Internet 2.2.5 Teil 2 |
71 |
openVPN
•Config Zertifikat and Key, configuration file
•Findings on infrastructure
•\log Ordner contains the Client Logs
The project has been funded by the European Commission. The Education, Audiovisual and Culture Executive program (EACEA), TEMPUS IV. The content of this presentation reflects the opinion of the author.
Windows Artifacts
Digital Forensic
Developers:
C. Yesil
Windows OS-Artifacts
By the end of the presentation participants will be able to:
•Identify at least 2 artifacts of forensic interest;
•Identify, at a glance differences between Windows XP and Windows Vista /7
•Overview of Registry Hives & RPs/Shadow Copy
Operating System
•An operating system communicates with the hardware.
•It is comprised of system software.
•Common desktop operating systems:
•Windows,
•Mac OS X,
•and Linux.
Windows Operating System
Windows Folder Structure
•Folder structures within OS may vary.
•The “OS” will install the hierarchical structure in a unique way.
•OS decides Where and What info is stored.
Artifacts of Forensic Interest
•User Profiles
•Application Data
•Registry
•Restore Points (RP)
•Volume Shadow Copies (VSS)
USER PROFILES
•Contains user configuration settings / files on a Windows XP\Vista\7 system.
|
|
Location Found |
Windows Version |
SystemRoot |
Note: XP systems upgrade |
|
from NT may have profile |
|
located here |
|
|
Documents and Settings\Username |
XP |
\Users |
Vista, 7, 8 |
|
|
Which Version ?
Windows 7 / 8
Windows
XP