
Windows apps history forensic ?

(@davids)
Active Member
Joined: 1 year ago
Posts: 3
Topic starter  

Hi there,

As I'm not an expert in forensics, I need an advice (or two ;):

- Which tool/tools would you guys recommend for Windows apps forensic examination (i.e. network usage ports/IP, runtime, updates, timeline behaviour)?

- What's your favourite "workhorse" in general Windows forensics?

I'm into commercial solutions, but if there's something freeware (already tried Autopsy / Sleuth, DEFT, Caine etc.) it would be even better.

 

BR

David

This topic was modified 1 year ago by davidS

   
(@viersus)
New Member
Joined: 1 year ago
Posts: 2
 

If your lab is dealing with a bunch of cases and time is ticking, freeware might not cut it with its service, support, and update limitations. That's where commercial software swoops in to save the day! Of course, the choice depends on what kind of cases you're working on. There's a whole bunch of products out there—some with specific superpowers and others that can do it all. Just a heads up, the all-in-one ones can be a bit pricey. If you're looking for software to tackle specific challenges, just let me know what you need, and I'll point you in the right direction!

 


   
Ahsan
(@ahsan)
Estimable Member
Joined: 6 years ago
Posts: 73
 

Dear David @davids:

You may please have a look at the following tools, which may fulfill your requirement:

  • Sysinternals Suite
  • Process Monitor (Procmon) / Process Explorer
  • RegShot / Registry Editor / Registry Viewer
  • Wireshark
  • Volatility for memory analysis (command line)

   