Topic starter
09/07/2020 4:45 am
I got an image of one Windows workstation; we are using EnCase and FTK.
Is it possible to list the installed and uninstalled applications for Apr. 2020 to May 2020?
We found one application, Simchar. From a forensic software perspective, can we list the connected domains or IPs when this application launched for the past three weeks?
09/07/2020 10:50 am
You can find the install dates in
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
and any kind of comm protocols in your firewall/proxy/IDS/IPS/SIEM logs.
With some luck, the local SRUM database has an IP address for you as well.
regards,
Robin
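An added example, not part of the reply above: one way to turn the Uninstall key into a list of software installed in the asker's April to May 2020 window. It assumes the key has been exported to regedit's text format from the image's SOFTWARE hive and that `InstallDate` holds a `YYYYMMDD` string; the function names and sample entries are hypothetical, and the `WOW6432Node` path (32-bit software on 64-bit Windows) is an addition the reply does not mention.

```python
import re
from datetime import date, datetime

# Constructed sample in regedit's text export format; names and dates are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example Viewer"
"InstallDate"="20200417"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleTool]
"DisplayName"="Example Tool"
"InstallDate"="20191102"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LegacyApp]
"DisplayName"="Legacy App (32-bit)"
"InstallDate"="20200503"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoDateApp]
"DisplayName"="App Without InstallDate"
'''
KEY_RE = re.compile(r'^\[(.+\\Uninstall\\[^\\\]]+)\]$')
VALUE_RE = re.compile(r'^"(DisplayName|InstallDate)"="(.*)"$')

def parse_uninstall_export(text):
    """Return one dict per Uninstall subkey with its DisplayName and InstallDate."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        if (m := KEY_RE.match(line)):
            current = {"key": m.group(1), "DisplayName": None, "InstallDate": None}
            entries.append(current)
        elif line.startswith("["):
            current = None  # a key outside Uninstall: ignore its values
        elif current is not None and (v := VALUE_RE.match(line)):
            current[v.group(1)] = v.group(2)
    return entries

def installed_between(entries, start, end):
    """Return (hits inside the ISO-date window, entries with no usable InstallDate)."""
    lo, hi = date.fromisoformat(start), date.fromisoformat(end)
    hits, undated = [], []
    for e in entries:
        try:
            d = datetime.strptime(e["InstallDate"] or "", "%Y%m%d").date()
        except ValueError:
            undated.append(e)  # InstallDate is optional and written by the installer
            continue
        if lo <= d <= hi:
            hits.append((d.isoformat(), e["DisplayName"], e["key"]))
    return sorted(hits, key=lambda h: h[0]), undated
```

A real regedit export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in. An uninstaller normally removes its own subkey, so this covers software still installed at imaging time; the undated list needs another source for its dates.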