Windows 10 artefacts / service

(@tootypeg)
Posts: 173
Estimable Member
Topic starter
 

I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

 
Posted : 13/04/2019 10:07 am
(@eugenebelk)
Posts: 16
Active Member
 

Well, if you are interested in this subject, you might find Windows 10 Timeline interesting. Forensic Focus published an article about how to investigate this issue via Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

 
Posted : 23/09/2019 3:15 pm
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

> I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.

regards, Robin

 
Posted : 23/09/2019 6:08 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> > I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?
>
> Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.
>
> regards, Robin

Sure there are… EDR tools catch this all the time, particularly when it's performed via netsh.

Is this dumping the rules something that would be valuable to add to RegRipper?

 
Posted : 24/09/2019 1:25 pm
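
An added illustration of the "dump the rules and detect modifications" idea discussed in this thread (not code from any poster here, and not a RegRipper plugin): it parses the pipe-delimited rule strings Windows stores in the registry and diffs a known-good snapshot against the one under examination. The snapshots, rule strings, GUID and file path are constructed sample data, and the function names are hypothetical.

```python
# Added example; every rule string below is constructed sample data.
# Windows keeps local firewall rules as string values under the key
#   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# in the form "v<version>|Key=Value|...|". Assumes values contain no literal "|".

def parse_rule(raw):
    """Return (version, {key: [values]}) for one rule string."""
    parts = [p for p in raw.split("|") if p]
    fields = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        fields.setdefault(key, []).append(value)  # some keys can repeat
    return parts[0], fields

def diff_rules(baseline, current):
    """Diff two {value_name: rule_string} snapshots of the FirewallRules key."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            changes.append(("added", name, parse_rule(current[name])[1]))
        elif name not in current:
            changes.append(("removed", name, parse_rule(baseline[name])[1]))
        elif baseline[name] != current[name]:
            old = parse_rule(baseline[name])[1]
            new = parse_rule(current[name])[1]
            delta = {k: (old.get(k), new.get(k))
                     for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}
            changes.append(("modified", name, delta))
    return changes

RDP = "v2.10|Action=Allow|Active=%s|Dir=In|Protocol=6|LPort=3389|Name=Remote Desktop (TCP-In)|"
BASELINE = {  # constructed snapshot taken from a known-good hive
    "CoreNet-DHCP-In": "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|Name=DHCP-In|",
    "RemoteDesktop-UserMode-In-TCP": RDP % "FALSE",
}
CURRENT = {  # constructed snapshot from the hive under examination
    "CoreNet-DHCP-In": BASELINE["CoreNet-DHCP-In"],
    "RemoteDesktop-UserMode-In-TCP": RDP % "TRUE",
    "{11111111-2222-3333-4444-555555555555}":
        r"v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Public\sample.exe|Name=sample|",
}

if __name__ == "__main__":
    for kind, name, detail in diff_rules(BASELINE, CURRENT):
        print(kind, name, detail)
```

The same diff works on rule strings exported from a SYSTEM hive by any registry parser, as long as both snapshots are keyed by the registry value name.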