Top Ad unit 728 × 90

Latest News


Daily Blog #602: Solution Saturday 1/19/19

Hello Reader,
        This weeks' challenge has an interesting twist, I have two answers but neither was submitted before the deadline. So I thought I would post the two answers for everyone's benefit so it's not lost to the twitter timeline.

The Challenge:
In Windows 10 what behavior appears to determine if a program will show up in the UserAssist entries with 0 run count versus actually tracking a run count and last execution date

The Answers:
Matt Seyer: 

Matt worked up and tested three hypotheses for conditions where the UserAssist value did not get set or updated. Matt also released a really neat tool that will allow you to monitor UserAssist values in real time which will make testing much easier.

Maxim Suhanov:

Maxim tested a different method, he noticed that if GUI apps were executed from the command line (which should include exec scenarios within other programs) that the same behavior occurs. 

The common thread that I can find between all of these tests is that UserAssist is tracking executions outside of the direct user context now. This means ... you guessed it ... more testing! I think this helped leap forward quite a bit but I look forward to really pushing this out over the next week. 
Daily Blog #602: Solution Saturday 1/19/19 Reviewed by David Cowen on January 19, 2019 Rating: 5

1 comment:

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020
Powered By Blogger, Designed by Sweetheme

Contact Form


Email *

Message *

Powered by Blogger.