
Windows apps history forensic?

3 Posts
3 Users
Posts: 3
Active Member
Topic starter

Hi there,

As I'm not an expert in forensics, I need some advice (or two ;)):

- Which tool/tools would you guys recommend for Windows apps forensic examination (i.e. network usage ports/IP, runtime, updates, timeline behaviour)?

- What's your favourite "workhorse" in general Windows forensics?

I'm into commercial solutions, but if there's something freeware (already tried Autopsy / Sleuth, DEFT, Caine etc.) it would be even better.




This topic was modified 3 months ago by davidS
Posted : 21/11/2023 11:22 pm
Posts: 2
New Member

If your lab is dealing with a bunch of cases and time is ticking, freeware might not cut it with its service, support, and update limitations. That's where commercial software swoops in to save the day! Of course, the choice depends on what kind of cases you're working on. There's a whole bunch of products out there—some with specific superpowers and others that can do it all. Just a heads up, the all-in-one ones can be a bit pricey. If you're looking for software to tackle specific challenges, just let me know what you need, and I'll point you in the right direction!


Posted : 24/11/2023 12:48 pm
Posts: 72
Estimable Member

Dear David @davids:

You may please have a look at the following tools, which may fulfill your requirement:

  • Sysinternals Suite
  • Process Monitor (Procmon) / Process Explorer
  • RegShot / Registry Editor / Registry Viewer
  • Wireshark
  • Volatility for memory analysis (command line)
Posted : 03/12/2023 12:36 pm