Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

Insider Threat The Theft of Intellectual Property in Windows 10

Download File
Insider Threat The Theft of Intellectual Property in Windows 10 (PDF, 7.56MB)Published: 11 Mar, 2021
Created by
Eduard Du Plessis

The prevalence of the theft of intellectual property investigations has grown over the past years and when investigated it will most likely be on a Windows 10 machine. It is important to have a clear framework on how to approach and execute such an investigation accurately and timeously. In this paper we will identify and analyse important Windows 10 artefacts that will reveal the user, the file and folders opened, applications used and the location of the files and folders. These artefacts are LNK (Link) Files, Jump Lists, Shell Bags, Prefetch files, USB connections and Network Mappings. We will demonstrate how to acquire and analyse these artefacts using a set of lightweight and powerful digital forensic software tools that are also affordable. The reader will find that by systematically analysing and correlating artefact events a timeline can be build that tells a story.

Additional resources

SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cybersecurity and IT Essentials
  • 20 May 2025
  • Rebekah Brown, Andreas Sfakianakis

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

WhitepaperArtificial Intelligence, Digital Forensics and Incident Response
  • 13 May 2025
  • SANS Institute

test

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cyber Defense
  • 27 Mar 2025

Empowering Responders with Automated Investigation

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 18 Feb 2025
  • Megan Roddie-Fonseca

Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 7 Jan 2025

Hunting the Hound of Hades: Kerberos Delegation Attacks, Detections and Defenses

WhitepaperDigital Forensics and Incident Response
  • 23 Dec 2024

Related courses