newly installed application

Last Post

RSS

jolintan

(@jolintan)

Junior Member

I got a image of one windows workstation, we are using encase and ftk.

is it possible to list the installed and uninstalled application for Apr.2020 to May 2020?

we find one application Simchar, from forensic software perspective, can we list the connected domain or ip when this application launched for the past three weeks?

Quote

Posted : 09/07/2020 4:45 am

Bunnysniper

(@bunnysniper)

Active Member

You can find the install dates in

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

and any kind of comm protocols in your firewall/ proxy/ IDS/ IPS/ SIEM logs.
With some luck, the local SRUM database has an IP address for you as well.

regards,
Robin

ReplyQuote

Posted : 09/07/2020 10:50 am

Forum Statistics

12 Forums

14.4 K Topics

89.1 K Posts

5 Online

37 K Members

Latest Post: Help running XWF X-tensions Our newest member: Nagabhushanam Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

Join Us!

newly installed application