From 9825a9c31f9394e9b1306da1b0ef0484fcc239d5 Mon Sep 17 00:00:00 2001 From: Frank Xu Date: Sat, 16 Sep 2023 15:14:43 -0400 Subject: [PATCH] add Python code to parse security event log (xml format) NIST_data_leakage02 --- README.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index c5ddfd0..8e16b72 100644 --- a/README.md +++ b/README.md 
@@ -131,22 +131,22 @@ The [case study](https://github.com/frankwxu/digital-forensics-lab/tree/main/NIS **Topics Covered** -| Labs | Topics Covered | Size of PPTs | -| ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | -| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | -| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | -| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) [Python version](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML_Python.pptx) | 10M | -| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx) | 3M | -| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | -| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | -| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | -| Lab 7 | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx) | 5M | -| Lab 8 | [Master File Table ($MFT) and Log File ($logFile) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 13M | -| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | -| Lab 10 | [Windows Volume Shadow Copy Analysis/SQL database carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | -| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | -| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | -| Lab 13 | [Crack Windows 
Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | +| Labs | Topics Covered | Size of PPTs | +| ------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | +| Lab 0 | [Environment Setting Up](NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx) | 2M | +| Lab 1 | [Windows Registry](NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx) | 3M | +| Lab 2 | [Windows Event and XML](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx) ([Python version](NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML_Python.pptx)) | 10M | +| Lab 3 | [Web History and SQL](NIST_Data_Leakage_Case/NIST_Data_Leakage_03_WebHistory_SQL.pptx) | 3M | +| Lab 4 | [Email Investigation](NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx) | 3M | +| Lab 5 | [File Change History and USN Journal](NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx) | 2M | +| Lab 6 | [Network Evidence and shellbag](NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx) | 2M | +| Lab 7 | [Network Drive and Cloud](NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx) | 5M | +| Lab 8 | [Master File Table ($MFT) and Log File ($logFile) Analysis](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 13M | +| Lab 9 | [Windows Search History](NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx) | 4M | +| Lab 10 | [Windows Volume Shadow Copy Analysis/SQL database carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx) | 6M | +| Lab 11 | [Recycle Bin and Anti-Forensics](NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx) | 3M | +| Lab 12 | [Data Carving](NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx) | 3M | +| Lab 13 | [Crack Windows 
Passwords](NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx) | 2M | ---
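Review bot: The Lab 9 row ("Windows Search History") still links to `NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx`, the same target as the Lab 8 row directly above it. Since this patch rewrites that row anyway, point it at the Lab 9 deck or confirm that the shared file is intended. Separately, the only content change visible in this hunk is the pair of parentheses added around the Lab 2 "Python version" link. The other 15 rows are only re-padded to the wider column, and the diffstat lists README.md alone, so the subject "add Python code to parse security event log" does not describe what is changed here. Consider amending the subject, or splitting the table re-alignment from the content change so the one-line edit is easy to see in history.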