SBM Labs

Cyber Security Collaboration Project

Gathering Non-Volatile Data
10 Dec 2016

1. Files and folders.

> dir
> dir /AH

> fsutil volume diskfree C:
> attrib /?
> attrib pagefile.sys

2. Registry.

> reg QUERY "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

3. Users.

> net user
> c:\SysinternalsSuite\PsGetsid.exe Administrator
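
The three steps above collected into one batch file that writes everything to a single log and hashes it, so the output can be reviewed later and checked for changes. This is an added example, not part of the original post. The output folder `E:\case001`, the listed folder `C:\`, and the default `C:\pagefile.sys` location are assumptions.

```batch
@echo off
rem Added example: run the commands from steps 1-3 and keep their output.
rem Assumptions: OUT is a folder on external media, TARGET is the folder
rem to list, and pagefile.sys sits in its default location on C:.
setlocal
set "OUT=E:\case001"
set "TARGET=C:\"
set "PSGETSID=c:\SysinternalsSuite\PsGetsid.exe"
set "LOG=%OUT%\nonvolatile.txt"

if not exist "%OUT%" mkdir "%OUT%"

rem One redirected block, so stdout and stderr of every command end up
rem in the same file in the order the commands ran.
(
  echo === Host %COMPUTERNAME%, user %USERNAME%, %DATE% %TIME% ===

  echo === 1. Files and folders ===
  dir "%TARGET%"
  dir /AH "%TARGET%"
  fsutil volume diskfree C:
  attrib C:\pagefile.sys

  echo === 2. Registry ===
  reg QUERY "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

  echo === 3. Users ===
  net user
  if exist "%PSGETSID%" "%PSGETSID%" Administrator
) > "%LOG%" 2>&1

rem Record a SHA-256 of the log next to it for later integrity checks.
certutil -hashfile "%LOG%" SHA256 > "%LOG%.sha256"

endlocal
```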

Gathering Volatile Data