Top Ad unit 728 × 90

Latest News

random

Daily Blog #587: Forensic Lunch Test Kitchen 1/4/19 Server 2019 Amache

Hello Reader,
     Tonight we continued our exploration of Server 2019 with a look into how Amcache is behaving on it.

Here is what we learned:

  • Amcache is still scanning the desktop for executables and adding them to the Amcache when the Application experience scheduled task runs, even if the executable was never run
  • Like Server 2008 R2 Amcache is including the contents of the Desktop directory for executions and executables
  • Server 2019 appears to be storing command line executions! This is a very different behavior than we've seen before and requires more testing
You can watch the video here:

Daily Blog #587: Forensic Lunch Test Kitchen 1/4/19 Server 2019 Amache Reviewed by David Cowen on January 04, 2019 Rating: 5

No comments:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form

Name

Email *

Message *

Powered by Blogger.