
Windows 10 artefacts / service  

tootypeg
(@tootypeg)
Active Member

I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

Posted : 13/04/2019 11:07 am
EugeneBelk
(@eugenebelk)
New Member

Well, if you are interested in this subject, you might find Windows 10 Timeline interesting. Forensic Focus published an article about how to investigate this issue via Belkasoft Evidence Center https://belkasoft.com/windows-10-timeline-analysis

Posted : 23/09/2019 4:15 pm
Bunnysniper
(@bunnysniper)
Active Member

> I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?

Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.

regards, Robin

Posted : 23/09/2019 7:08 pm
keydet89
(@keydet89)
Community Legend

> > I'll get straight to the point- What are the main Win10 artefacts and services which currently remain non-documented or under-researched?
>
> Changes to the local firewall rules. There is no tool to detect modifications done by tools, attackers or malware.
>
> regards, Robin

Sure there are… EDR tools catch this all the time, particularly when it's performed via netsh.

Is this dumping the rules something that would be valuable to add to RegRipper?

Posted : 24/09/2019 2:25 pm