bars
π
Windows Forensic Handbook
search
circle-xmark
Ctrl
k
copy
Copy
chevron-down
Artifacts by Activity
chevron-right
πββοΈ
Execution
Command Line Options
Task Scheduler Files
chevron-right
Task Scheduler Operational Log
chevron-right
EventID 4688: A new process has been created
chevron-right
EventID 9707: Command Execution Started
chevron-right
Last updated
2 years ago
sun-bright
desktop
moon
sun-bright
desktop
moon