In 2017 Fabio Gasperini was claimed to create a global network of hijacked computers by obtaining unauthorized information by Federal Bureau of Investigation. This acquitted him of more serious charges of cyber intrusion, wire fraud and conspiracy. If he had been convicted of all the charges, Gasperini would have faced up to 70 years in prison. What CQURE has to do with that?
To a computer forensics expert like Paula Januszkiewicz, Windows Prefetch files are a virtual treasure trove that can reveal not only what has happened on an operating system but when it took place. In this brief tutorial, Paula shares the tool and method needed to unlock the contents of these digital artifacts.
In this tutorial, we're going to do a little bit of forensics. At the end of this episode you’ll be able to not only recover files from a disk using PowerShell, but also to recover files that could have been potentially overwritten.