andreafortuna.org
Forensic Artifacts: evidences of program execution on Windows systems | So Long, and Thanks for All the Fish
During forensic analysis of a Windows system, it is often critical to understand when and how a particular process was started. To identify this activity, we can extract from the targe