Windows 10 artefacts / service

 
  

tootypeg
Senior Member
 

Windows 10 artefacts / service

Post Posted: Apr 13, 19 10:07

I'll get straight to the point:- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?  
 
  

EugeneBelk
Member
 

Re: Windows 10 artefacts / service

Post Posted: Sep 23, 19 15:15

Well, if you are interested in this subject, you might find Windows 10 Timeline interesting. Forensic Focus published an article about how to investigate this issue via Belkasoft Evidence Center: belkasoft.com/windows-...e-analysis  
 
  

Bunnysniper
Senior Member
 

Re: Windows 10 artefacts / service

Post Posted: Sep 23, 19 18:08

- tootypeg
I'll get straight to the point:- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?


Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.

regards, Robin
_________________
--
All opinions are mine and are not necessarily the opinions of my employer. 
 
  

keydet89
Senior Member
 

Re: Windows 10 artefacts / service

Post Posted: Sep 24, 19 13:25

- Bunnysniper
- tootypeg
I'll get straight to the point:- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?


Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.

regards, Robin


Sure there are...EDR tools catch this all the time, particularly when it's performed via netsh.

Is this dumping the rules something that would be valuable to add to RegRipper?  
 
