Windows Forensic Handbook

Ctrlk

👋Welcome
Artifacts by Type
Artifacts by Activity

Powered by GitBook

On this page

Artifacts by Activity
🗒️File Activity

File Path

USN Journal Prefetch Amcache.hve Background Activity Montitor System Resource Usage Monitor (SRUM)AutomaticDestinations Jumplists Recycle Bin $I/$R Files Image File Execution Options Registry Keys Task Scheduler Files Windows Error Reporting Files (.WER)Run/RunOnce Registry Keys Services Registry Keys Task Scheduler Operational Log Event ID 7045: Service Installed EventID 2004: Firewall Rule Added EventID 2005: Firewall Rule Modified EventID 2006: Firewall Rule Deleted EventID 2071: Firewall Rule Added EventID 2073: Firewall Rule Modified EventID 2052: Firewall Rule Deleted

Last updated 1 year ago