Notifications
Clear all
General (Technical, Procedural, Software, Hardware etc.)
2
Posts
2
Users
0
Likes
956
Views
Topic starter
I got a image of one windows workstation, we are using encase and ftk.
is it possible to list the installed and uninstalled application for Apr.2020 to May 2020?
we find one application Simchar, from forensic software perspective, can we list the connected domain or ip when this application launched for the past three weeks?
Posted : 09/07/2020 3:45 am
You can find the install dates in
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Â
and any kind of comm protocols in your firewall/ proxy/ IDS/ IPS/ SIEM logs.Â
With some luck, the local SRUM database has an IP address for you as well.
Â
regards,
Robin
Â
Posted : 09/07/2020 9:50 am