https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html
#9. Explain the information of network interface(s) with an IP address assigned by DHCP.
#3 참고.
\HKLM\System\ControlSet001\services\Tcpip\Parameters\Interfaces\[하위키]
DhcpIPAddress : 10.11.11.129
'Forensic > CFReDS-Data Leakage Case' 카테고리의 다른 글
| data leakage case #12, window event log (system on/off) (0) | 2018.09.17 |
|---|---|
| data leakage case #10~11, application install/execution logs (0) | 2018.09.17 |
| data leakage case #8, last shutdown date/time (0) | 2018.08.10 |
| data leakage case #7, last logon user (0) | 2018.08.10 |
| data leakage case #6, all accounts list (0) | 2018.08.10 |
https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html
http://www.antionline.com/showthread.php?275382-Time-and-date-of-last-shutdown
#8. When was the last recorded shutdown date/time?
#3 참고.
HKLM\System\ControlSet\Control\Windows
shutdown time : 57-A9-48-B5-10-67-D0-01 (2015-03-25 15:31:05)
'Forensic > CFReDS-Data Leakage Case' 카테고리의 다른 글
| data leakage case #10~11, application install/execution logs (0) | 2018.09.17 |
|---|---|
| data leakage case #9, network interface with IP (0) | 2018.08.10 |
| data leakage case #7, last logon user (0) | 2018.08.10 |
| data leakage case #6, all accounts list (0) | 2018.08.10 |
| data leakage case #5, computer name (0) | 2018.08.10 |
data leakage case #7, last logon user
https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html
#7. Who was the last user to logon into PC?
#3 참고.
다음의 레지스트리 경로에 마지막으로 로그온한 유저 정보가 있다.
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
LastLoggedOnUser : informant
'Forensic > CFReDS-Data Leakage Case' 카테고리의 다른 글
| data leakage case #9, network interface with IP (0) | 2018.08.10 |
|---|---|
| data leakage case #8, last shutdown date/time (0) | 2018.08.10 |
| data leakage case #6, all accounts list (0) | 2018.08.10 |
| data leakage case #5, computer name (0) | 2018.08.10 |
| data leakage case #4, timezone (0) | 2018.08.10 |
