The Windows Subsystem for Linux (WSL) is a great feature introduced in Windows 10. It is a compatibility layer for running Linux binary executables natively on Windows 10, and it allows the use of a fairly real Linux installation without a virtual machine.
This article on Microsoft’s Technet Blog is really interesting: Moti Bani explains how to investigate suspicious activity on servers using the Sysmon tool.
On Windows systems, event logs contain a lot of useful information about the system and its users.
The Windows registry contains information that is helpful during a forensic analysis. The registry is an excellent source of evidential data, and knowing what type of information could possibly exist in the registry, and where it is located, is critical during the forensic analysis process. Let’s analyze the main keys… Recently opened Programs/Files/URLs: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU. MRU is the abbreviation for […]
Amcache and Shimcache can provide a timeline of which programs were executed, and when each was first run and last modified. In addition, these artifacts provide program information such as the file path, size, and hash, depending on the OS version.