Jan 30 2011

Do you need to trace the activity on a Windows PC, but you don't know where to start?

This is an example (OLAF 2011):

This is the XLS


  • Work in UTC.
  • Use a registry timeline (you can use AD “Registry View”).
  • For Firefox and IE you can use “NetAnalysis” (you can build SQL queries).
  • For the Event View you can use “Event Log Explorer”.
  • For the file system, use X-Ways Forensics (use filters).
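Working in UTC matters because the sources above record time in different encodings, and they only line up once everything is converted to one clock. The following is an added example, not part of the original post: it normalizes four common raw encodings to UTC and merges them into one sorted timeline. The rows are constructed sample data, and the source labels, function names and the +1 hour offset are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def from_filetime(ticks):
    # Windows FILETIME: 100 ns intervals since 1601-01-01 UTC (registry, NTFS).
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def from_prtime(usec):
    # Firefox PRTime: microseconds since 1970-01-01 UTC (places.sqlite).
    return UNIX_EPOCH + timedelta(microseconds=usec)

def from_unix(seconds):
    # Seconds since 1970-01-01 UTC (classic .evt record header).
    return UNIX_EPOCH + timedelta(seconds=seconds)

def from_local(text, utc_offset_hours):
    # Tool export in local wall-clock time; the examined PC's offset must be known.
    local = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    tz = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

DECODERS = {"filetime": from_filetime, "prtime": from_prtime, "unix": from_unix}

def build_timeline(rows, utc_offset_hours=0):
    """Convert (source, encoding, raw, description) rows to UTC and sort them."""
    events = []
    for source, kind, raw, desc in rows:
        if kind == "local":
            ts = from_local(raw, utc_offset_hours)
        else:
            ts = DECODERS[kind](raw)
        events.append((ts, source, desc))
    return sorted(events)

# Constructed sample rows, not taken from a real case.
SAMPLE_ROWS = [
    ("registry", "filetime", 129408552050000000, "key last-write time"),
    ("firefox", "prtime", 1296381602000000, "history visit"),
    ("ie", "local", "2011-01-30 11:00:03", "history entry exported in local time"),
    ("eventlog", "unix", 1296381600, "event record generated"),
    ("filesystem", "filetime", 129408551980000000, "file modified"),
]

if __name__ == "__main__":
    for ts, source, desc in build_timeline(SAMPLE_ROWS, utc_offset_hours=1):
        print(ts.isoformat(), source, desc)
```

Left unconverted, the IE row would sort an hour late, after the registry write it actually preceded.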
