Top Ad unit 728 × 90

Latest News

random

Daily Blog #571: Forensic Lunch Test Kitchen 12/18/18 Syscache

Hello Reader,
        Another evening, another test kitchen! Tonight we looked even deeper into the Syscache and we learned:


  • Bat files are recorded in the Syscache hives when executed
  • Bat files and other executables run from the Desktop are not recorded in the Syscache
  • Powershell files (ps1) are not caught in the Syscache hive
  • Deleting a file did not eliminate it from the Syscache hive 
  • Installing a program recorded its installer, but the program did not prepopulate an entry in the Syscache hive
  • Creating a bat file did not pre-populate it in the Syscache hive
You can watch the video here:

Daily Blog #571: Forensic Lunch Test Kitchen 12/18/18 Syscache Reviewed by David Cowen on December 18, 2018 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.