Forensic Artifacts: evidences of program execution on Windows systems

During a forensic analysis of a Windows system, it is often critical to understand when and how a particular process has been started. In order to identify this activity, we can extract from the target … Continue reading Forensic Artifacts: evidences of program execution on Windows systems