Forensic Artifacts: evidence of program execution on Windows systems

During a forensic analysis of a Windows system, it is often critical to understand when and how a particular process was started. To identify this activity, we can extract from the target system a set of artifacts that provide evidence of program execution.

UserAssist

On a Windows system, every GUI-based program …