
Which tools can examine the history of PC running programs

(@horking)
Active Member
Joined: 19 years ago
Posts: 10
Topic starter  

As an examiner of digital evidence, I want to know which tools/software can list the log of programs recently run on the PC, and also the history of viewed websites.
Does anyone know?
Thanks!


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

As an examiner of digital evidence, I want to know which tools/software can list the log of programs recently run on the PC, and also the history of viewed websites.

Any indication, even if small, to how you have tried to find an answer to these questions but failed would be helpful.

The only log there is can be viewed by the Event Viewer, which comes with Windows. But you can't always use it … so perhaps you are asking for something else. While it's easy enough to guess, it's just as easy to guess wrong.

As for web site history … it seems the 'Tools' section of www . forensicwiki . org would provide an answer.


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

The only log there is can be viewed by the Event Viewer, which comes with Windows. But you can't always use it … so perhaps you are asking for something else. While it's easy enough to guess, it's just as easy to guess wrong.

I agree that more information needs to be made available. Windows? Linux? Are you examining a live system, or an image? The reason this question has gone unanswered is likely due to the fact that it's not clear as to what the question is….

As for web site history … it seems the 'Tools' section of www . forensicwiki . com would provide an answer.

Can you clarify that? I don't think that's the web site you meant to send the OP to…


   
(@horking)
Active Member
Joined: 19 years ago
Posts: 10
Topic starter  

Thanks for the answers, Keydet and Athulin.
What I mean is that the inspectors need to view the programs that were running on the computer in Windows during specific times.

For example, on a suspect's computer image (Win7 32-bit), I want to know which programs were running from 1 Aug. to 5 Aug.

As far as I know, there are no forensic tools that can do this?


   
(@randomaccess)
Reputable Member
Joined: 14 years ago
Posts: 385
 

You would want a skilled examiner creating a timeline…
I don't think there's a point-and-click solution.


   
(@Anonymous 6593)
Guest
Joined: 17 years ago
Posts: 1158
 

What I mean is that the inspectors need to view the programs that were running on the computer in Windows during specific times.

The only log that could give you that information *in*general* is the security log, provided it had been configured to log process tracking.

For any given program there may be additional indicators, but they will apply only to that program. For example, antivirus software sometimes has internal logs of when it is executed, updated, and what findings it makes. Programs that fail to execute correctly may leave traces in the application log if they log the failure. And software that creates or modifies registry entries will leave time stamp traces, and software installers usually also leave identifiable traces when they run.

on a suspect's computer image (Win7 32-bit), I want to know which programs were running from 1 Aug. to 5 Aug.

The general approach would be to make a super-timeline, and collect timestamps from as many sources of the examined computer as possible, then restrict it to the relevant timespan, remove (or hide) those that are not traceable to any particular program, and research those that can be researched.

But there is no guarantee it will produce a complete list of all programs that executed in the specified time. Thus, the general answer to your question is no, there is no method to create a complete list. Even so, you can probably create a list of some programs that did execute in a specified time. It may also be possible to say that some programs were not executed, due to the lack of identifiable traces, though that has to be argued very carefully.

It will obviously be fairly time-consuming.


   
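The timeline filtering described in the last reply, as an added example that is not part of the original thread: restrict merged timestamps to the 1 Aug. to 5 Aug. window, drop entries that cannot be tied to a program, and separate direct execution evidence (security log process tracking) from indirect traces. The CSV layout, source labels, year and sample rows are constructed assumptions; a program missing from the output has not been shown not to have run.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample timeline (not from a real case): UTC time, source, program, detail.
SAMPLE = """timestamp,source,program,detail
2012-07-31T23:58:10Z,security_log,notepad.exe,process tracking: process created
2012-08-01T00:00:05Z,security_log,example.exe,process tracking: process created
2012-08-02T09:14:00Z,registry,Example.exe,key last-write time
2012-08-03T11:30:42Z,filesystem,,file modified (no program attributable)
2012-08-04T18:02:17Z,av_log,scanner.exe,scheduled scan started
2012-08-05T23:59:59Z,application_log,viewer.exe,application error logged
2012-08-06T00:00:00Z,security_log,viewer.exe,process tracking: process created
"""

# Assumption: only the process-tracking source counts as direct evidence of execution.
DIRECT = {"security_log"}
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_utc(text, fmt):
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def programs_in_window(timeline_csv, first_day, last_day):
    """Return {program: {first, last, sources, evidence}} for first_day..last_day inclusive."""
    start = parse_utc(first_day, "%Y-%m-%d")
    end = parse_utc(last_day, "%Y-%m-%d") + timedelta(days=1)  # include all of last_day
    found = {}
    for row in csv.DictReader(io.StringIO(timeline_csv)):
        when = parse_utc(row["timestamp"], TS_FORMAT)
        program = row["program"].strip().lower()  # Windows names are case-insensitive
        if not program or not (start <= when < end):
            continue  # not traceable to a program, or outside the window
        entry = found.setdefault(program, {"first": when, "last": when, "sources": set()})
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["sources"].add(row["source"])
    for entry in found.values():
        entry["evidence"] = "direct" if entry["sources"] & DIRECT else "indirect"
    return found


if __name__ == "__main__":
    hits = programs_in_window(SAMPLE, "2012-08-01", "2012-08-05")
    for name, e in sorted(hits.items()):
        print(name, e["evidence"], e["first"].isoformat(), e["last"].isoformat(),
              ",".join(sorted(e["sources"])))
```

Entries marked indirect still need the per-program research the reply describes before they can be read as execution.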