
Daily Blog #689: Feature Usage from Oleg Skulkin

Hello Reader,
Tomorrow on the Forensic Lunch I've asked Oleg Skulkin to join. I mainly asked Oleg to join because he won last week's Sunday Funday contest and this is a new thing I'm trying to start, having the prior winner come on and talk about what they did in their research. Well, in the meantime Oleg went ahead and posted up some entirely new research unrelated to any Sunday Funday. Oleg found a new registry artifact called FeatureUsage, which appears to track programs that you launch through the taskbar.

Now, this is conceivably not the only source of this data; it could overlap artifacts like AmCache, UserAssist, Shimcache and Prefetch. But what's interesting about this is that it's tracking a specific type of GUI execution, that being from the taskbar, which means you could potentially get additional times of execution. Maybe I'm missing something, and I'll find out tomorrow when Oleg is on the lunch at Noon CDT (UTC -5)!

You can read Oleg's research here: https://www.group-ib.com/blog/featureusage

Reviewed by David Cowen on April 30, 2020


All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020