Join Us!

newly installed app...
 
Notifications
Clear all

newly installed application  

  RSS
jolintan
(@jolintan)
Junior Member

I got a image of one windows workstation, we are using encase and ftk.

is it possible to list the installed and uninstalled application for Apr.2020 to May 2020?

we find one application Simchar, from forensic software perspective, can we list the connected domain or ip when this application launched for the past three weeks?

Quote
Posted : 09/07/2020 4:45 am
Bunnysniper
(@bunnysniper)
Active Member

You can find the install dates in

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

 

and any kind of comm protocols in your firewall/ proxy/ IDS/ IPS/ SIEM logs. 
With some luck, the local SRUM database has an IP address for you as well.

 

regards,
Robin

 

ReplyQuote
Posted : 09/07/2020 10:50 am
Share: