Windows 10 artefacts / service

(@tootypeg)
Estimable Member
Joined: 18 years ago
Posts: 173
Topic starter  

I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

(@eugenebelk)
Active Member
Joined: 6 years ago
Posts: 16
 

Well, if you are interested in this subject, you might find Windows 10 Timeline interesting. Forensic Focus published an article about how to investigate this issue via Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

Bunnysniper
(@bunnysniper)
Reputable Member
Joined: 13 years ago
Posts: 259
 

> I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.

regards, Robin

keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> > I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?
>
> Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.
>
> regards, Robin

Sure there are…EDR tools catch this all the time, particularly when it's performed via netsh.

Is this dumping the rules something that would be valuable to add to RegRipper?
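
Added example, not written by any poster in this thread and not RegRipper code: Windows Firewall rules are stored as pipe-delimited strings in the FirewallRules registry key, so two dumps of that key can be diffed to show rules that were added, removed or altered between them. The function names and both snapshots are constructed for illustration.

```python
# Added example; the snapshot data below is constructed, not from a real system.
# Rule store on a live system (ControlSet00x in an offline SYSTEM hive):
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

def parse_rule(data):
    """Split 'v2.30|Key=Value|...|' into (version, {key: [values]}); keys may repeat."""
    parts = [p for p in data.split("|") if p]
    if not parts:
        return "", {}
    fields = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        fields.setdefault(key, []).append(value)
    return parts[0], fields

def is_active_inbound_allow(fields):
    """True for enabled rules that allow inbound traffic, the ones to triage first."""
    return (fields.get("Action") == ["Allow"] and fields.get("Dir") == ["In"]
            and fields.get("Active") == ["TRUE"])

def diff_rules(before, after):
    """Compare two {value_name: value_data} snapshots of the FirewallRules key."""
    modified = {}
    for name in sorted(before.keys() & after.keys()):
        old, new = parse_rule(before[name])[1], parse_rule(after[name])[1]
        delta = {k: (old.get(k), new.get(k))
                 for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}
        if delta:
            modified[name] = delta
    return {"added": sorted(after.keys() - before.keys()),
            "removed": sorted(before.keys() - after.keys()),
            "modified": modified}

RDP = "RemoteDesktop-UserMode-In-TCP"
BASELINE = {  # constructed snapshot taken before the change
    RDP: r"v2.30|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=3389|Svc=termservice|Name=Remote Desktop|",
    "{00000000-0000-0000-0000-000000000001}": r"v2.30|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=445|Name=Block SMB|",
}
LATER = {  # constructed snapshot taken after the change
    RDP: r"v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|Svc=termservice|Name=Remote Desktop|",
    "{00000000-0000-0000-0000-000000000002}": r"v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=8443|App=C:\Users\Public\svc.exe|Name=Updater|",
}

if __name__ == "__main__":
    result = diff_rules(BASELINE, LATER)
    for name in result["added"]:
        fields = parse_rule(LATER[name])[1]
        print("added", name, fields.get("Name"), is_active_inbound_allow(fields))
    print("removed", result["removed"])
    print("modified", result["modified"])
```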