From the course: Incident Response: Evidence Collection in Windows


Collecting the date/time of the victim


- [Instructor] Now that we've covered some of the basics and we've collected the memory from the system, we need to start collecting the other volatile data. And the first thing I like to collect is the date and time of the machine that we're capturing our system on. So the way we're going to do this is we are going to use a program called Now. Now is a native Windows function and we've created a trusted version of that known as T_now inside of our program on our trusted tools disc. The first thing we want to do is open up a command prompt. So we're just going to hit the Windows key and then type in command and from there, we'll hit enter to select the command prompt. Going to go ahead and maximize this and what we want to do is switch over to our trusted tools USB drive. In my case, that's going to be the D drive. And then I'm going to go into the trusted tools directory and from here, if you hit DIR, you'll see all…
