
Windows apps history forensic?

(@davids)
Posts: 3
Active Member
Topic starter
 

Hi there,

As I'm not an expert in forensics, I need some advice (or two ;)):

- Which tool/tools would you guys recommend for Windows apps forensic examination (i.e. network usage ports/IP, runtime, updates, timeline behaviour)?

- What's your favourite "workhorse" in general Windows forensics?

I'm into commercial solutions, but if there's something freeware (already tried Autopsy / Sleuth, DEFT, Caine etc.) it would be even better.

 

BR

David

This topic was modified 3 months ago by davidS
 
Posted : 21/11/2023 11:22 pm
(@viersus)
Posts: 2
New Member
 

If your lab is dealing with a bunch of cases and time is ticking, freeware might not cut it with its service, support, and update limitations. That's where commercial software swoops in to save the day! Of course, the choice depends on what kind of cases you're working on. There's a whole bunch of products out there—some with specific superpowers and others that can do it all. Just a heads up, the all-in-one ones can be a bit pricey. If you're looking for software to tackle specific challenges, just let me know what you need, and I'll point you in the right direction!

 

 
Posted : 24/11/2023 12:48 pm
(@ahsan)
Posts: 72
Estimable Member
 

Dear David @davids:

You may please have a look at the following tools, which may fulfill your requirement:

  • Sysinternals Suite
  • Process Monitor (Procmon) / Process Explorer
  • RegShot / Registry Editor / Registry Viewer
  • Wireshark
  • Volatility for memory analysis (command line)
 
Posted : 03/12/2023 12:36 pm