I'll get straight to the point: What are the main Win10 artefacts and services which currently remain non-documented or under-researched?
Well, if you are interested in this subject, you might find Windows 10 Timeline interesting. Forensic Focus published an article about how to investigate this issue via Belkasoft Evidence Center https://
Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.
regards, Robin
Sure there are…EDR tools catch this all the time, particularly when it's performed via netsh.
Is this dumping the rules something that would be valuable to add to RegRipper?
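An added example for the firewall-rule point discussed in this thread (not part of any poster's message and not RegRipper code): once the rule values have been dumped from the registry at two points in time, a diff of the two snapshots shows which rules were added, removed or modified. It assumes the snapshots are already loaded as dictionaries of value name to rule string; the function names and all sample rules are constructed for illustration.

```python
# Added example: diff two snapshots of Windows Firewall rule values.
# Rule strings use the pipe-delimited "v2.x|Key=Value|..." layout stored under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# How the snapshots are exported (live registry, hive file) is left to the caller.

def parse_rule(raw):
    """Split one rule string into (version, {field: [values]})."""
    parts = [p for p in raw.split("|") if p]
    version, fields = parts[0], {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        fields.setdefault(key, []).append(value)  # some keys can repeat
    return version, fields

def diff_rules(baseline, current):
    """Compare {value_name: raw_rule} snapshots; return added, removed, changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for name in sorted(set(baseline) & set(current)):
        old = parse_rule(baseline[name])[1]
        new = parse_rule(current[name])[1]
        delta = {k: (old.get(k), new.get(k))
                 for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}
        if delta:
            changed[name] = delta
    return added, removed, changed

# Constructed sample snapshots (value names and rules are illustrative only).
BASELINE = {
    "RemoteDesktop-In-TCP": "v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|Name=Remote Desktop (TCP-In)|",
    "{constructed-guid-1}": "v2.10|Action=Block|Active=TRUE|Dir=Out|Protocol=6|App=C:\\Tools\\updater.exe|Name=Block updater|",
}
CURRENT = {
    "RemoteDesktop-In-TCP": "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|Name=Remote Desktop (TCP-In)|",
    "{constructed-guid-2}": "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8080|Name=Constructed rule|",
}

if __name__ == "__main__":
    added, removed, changed = diff_rules(BASELINE, CURRENT)
    for name in added:
        print("ADDED  ", name, parse_rule(CURRENT[name])[1])
    for name in removed:
        print("REMOVED", name, parse_rule(BASELINE[name])[1])
    for name, delta in changed.items():
        for field, (old, new) in delta.items():
            print("CHANGED", name, field, old, "->", new)
```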