By Max on February 1, 2010
You can use Windows Hibernate to conserve batteries and electricity, and to save the environment, the world and the polar bears. However, did you know that putting your computer into “hibernation” mode essentially creates a snapshot of the contents of your computer's RAM, which is then saved to the root of the hard drive as “hiberfil.sys”?
Posted in Hex Editing, Windows | Tagged hiberfil, hiberfil.sys, hibernate, hibernation, hxd, windows hibernation
By Max on April 21, 2009
This article covers the USBSTOR registry key and the setupapi.log file, and methods to delete them. These two artifacts can contain data about USB devices that have been plugged into a system. The article also covers other things you should be aware of: sometimes just deleting a registry key or file is not enough.
Posted in Data Destruction, Windows Registry | Tagged flash drive, setupapi.log, usb thumb drive, USBSTOR, Windows Registry
By Max on February 8, 2009
Requirements
Administrator account
Windows XP
Command Summary
Log in as Administrator
Open a command prompt
Enter the command: fsutil behavior set disablelastaccess 1
Restart computer
Purpose
I’ll come right out and say that this is definitely not a strong anti-forensic technique, but it can be helpful. Most forensic examiners already know they can’t rely heavily on lastaccess timestamps. One major reason is that anti-malware and anti-virus [...]
Posted in Windows Commands | Tagged Trail obfuscation