Comments on Windows Incident Response: Where to start?

Anonymous, 2006-08-23 06:32 (-05:00):

I try to decompress or get my mind off of things for a bit if I'm stuck on an exam, as well. I do the same thing with reports (and I found it to be very effective in the military when I was writing personnel reviews)...write some stuff down, and then put it away and don't touch it for a day or two...and come back.

I think that the kind of resource you're referring to is already there...the ForensicWiki (http://www.forensicswiki.org/index.php/Main_Page). There can either be a section about log files, or as application specifics/artifacts are added, the location of the log files, and even how to interpret them can be addressed, as well.

Anonymous, 2006-08-22 23:15 (-05:00):

I find that when I'm stuck on a forensic exam, the best thing for me to do is to shut EnCase down, open up sol.exe and mindlessly waste away for about 2 hours :)

But on a serious note... Ditto Dave's comments.
As far as a location for log files or registry entries - I can't remember until I'm sitting in front of my forensic machine actually looking for that data. BUT - I would be very eager to help set up some sort of online database for forensic examiners that could point people in the right direction. It would be great if it were wiki-esque in nature so that any user could input new information.
Whaddya think?

Anonymous, 2006-08-21 20:26 (-05:00):

Dave,

Great comment. Can you provide locations for those log files, for each of the applications you mentioned? I think that would be helpful to a lot of folks.

Thanks.