split anti-forensics from Volumn shadow copy

2026-04-10 12:13:44 +00:00 · 2021-11-12 22:32:14 -05:00
parent 9595c30df5
commit 32ccccb9a2
10 changed files with 17 additions and 17 deletions
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_$MFT.pptx
--- a/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx
+++ b/NIST_Data_Leakage_Case/NIST_Data_Leakage_09_Win_searchDB_csvsql.pptx
--- a/README.md
+++ b/README.md
@@ -97,26 +97,26 @@ The [P2P data leakage case study](https://github.com/frankwxu/digital-forensics-
 The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Data_Leakage_Case) is to investigate an image involving intellectual property theft. The study include

 - A large and complex case study created by NIST. You can access the [Senario, DD/Encase images](https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html). You can also find the [solutions](https://www.cfreds.nist.gov/data_leakage_case/leakage-answers.pdf) on their website.
- 13 hands-on labs/topics in digital forensics
+- 14 hands-on labs/topics in digital forensics

 **Topics Covered**

-| Labs   | Topics Covered                                                                                               | Size of PPTs |
-| ------ | ------------------------------------------------------------------------------------------------------------ | ------------ |
-| Lab 0  | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx)                       | 2M           |
-| Lab 1  | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx)                                | 3M           |
-| Lab 2  | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                        | 3M           |
-| Lab 3  | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                          | 3M           |
-| Lab 4  | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx)                            | 3M           |
-| Lab 5  | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx)        | 2M           |
-| Lab 6  | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx)  | 2M           |
-| Lab 7  | [Network Drive and Windows shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_ShellBag.pptx) | 5M           |
-| Lab 8  | [Master File Table ($MFT) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)              | 4M           |
-| Lab 9  | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)                         | 4M           |
-| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx)      | 6M           |
-| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx)  | 3M           |
-| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx)                           | 3M           |
-| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx)       | 2M           |
+| Labs   | Topics Covered                                                                                              | Size of PPTs |
+| ------ | ----------------------------------------------------------------------------------------------------------- | ------------ |
+| Lab 0  | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx)                      | 2M           |
+| Lab 1  | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx)                               | 3M           |
+| Lab 2  | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                       | 3M           |
+| Lab 3  | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx)                         | 3M           |
+| Lab 4  | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx)                           | 3M           |
+| Lab 5  | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx)       | 2M           |
+| Lab 6  | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M           |
+| Lab 7  | [Network Drive and Windows shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx)   | 5M           |
+| Lab 8  | [Master File Table ($MFT) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)             | 4M           |
+| Lab 9  | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx)                        | 4M           |
+| Lab 10 | [Windows Volume Shadow Copy Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx)     | 6M           |
+| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M           |
+| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx)                          | 3M           |
+| Lab 13 | [Crack Windows Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx)      | 2M           |

 ---