
📚 Windows OS Primer

Plan for Windows Forensics

Items marked done (Udemy course watched, tools installed and used, conclusions drawn) are bolded:

  1. Prefetch
  2. LNK
  3. Shellbag
  4. Memory

Useful commands

Potentially to BTFM or RTFM

net user administrator /active:yes - activate the default (built-in) Administrator account, or use lusrmgr.msc -> enable the account.

psexec -i -s cmd.exe - escalate to SYSTEM privileges (-i interactive, -s run as the SYSTEM account).

pwdump7 -d <path_to_protected_file> <where_to_copy>

Services

Processes that run in the background, often with SYSTEM privileges. They may not be listed in Task Manager, but the Sysinternals Autoruns tool will usually show them.
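As an added example that is not part of these notes: a PowerShell snippet that lists the services running as SYSTEM together with their executable paths, independently of Task Manager, so the result can be cross-checked against Autoruns during triage. It assumes an elevated PowerShell session on the host being examined.

```powershell
# Added example (not from the original notes): enumerate services that run as
# SYSTEM and show where their executables live, as a Task-Manager-independent
# cross-check against Sysinternals Autoruns. Assumes an elevated session.

# Directories where service binaries normally live; anything else deserves a look.
$expectedRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

# Win32_Service exposes the service account (StartName) and the raw image path
# (PathName), neither of which Task Manager's Services tab displays.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -eq 'LocalSystem' }

$report = foreach ($svc in $services) {
    # PathName may be quoted and may carry arguments; keep only the executable.
    # svchost-hosted services all report svchost.exe here; their real code is the
    # DLL named by the ServiceDll registry value, which this snippet does not read.
    $path = $svc.PathName
    if (-not $path) {
        $exe = ''
    } elseif ($path -match '^"([^"]+)"') {
        $exe = $Matches[1]
    } else {
        $exe = ($path -split ' ')[0]
    }

    $inExpectedRoot = $false
    foreach ($root in $expectedRoots) {
        if ($exe.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)) {
            $inExpectedRoot = $true
            break
        }
    }

    [pscustomobject]@{
        Name        = $svc.Name
        State       = $svc.State
        StartMode   = $svc.StartMode
        Executable  = $exe
        StandardDir = $inExpectedRoot
    }
}

# Services whose binary sits outside the usual directories are listed first.
$report | Sort-Object StandardDir, Name | Format-Table -AutoSize
```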