Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “reg.exe” (Registry Console Tool)
“reg.exe” (Registry Console Tool) is a binary PE file located at “%windir%\system32\reg.exe”. It is a command line utility which is used…
18h ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “FirstFolder” (First Folder Presented During Open/Save As)
The goal of the “FirstFolder” registry key is to track the application’s first folder that is presented to the user during an Open or Save…
2d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “CIDSizeMRU”
“CIDSizeMRU” is a registry subkey of “ComDlg32” which is located in…
3d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “NetworkList” (Wireless Network Profiles List)
“NetworkList” is a registry key (https://medium.com/@boutnaru/the-windows-concept-journey-registry-0767e79387a9) that holds information…
4d ago

Shlomi Boutnaru, Ph.D.
The Linux Concept Journey — “Session”
In general, a “Session” is a collection of “Process Groups”…
4d ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “WerFaultSecure.exe” (Windows Fault Reporting)
“WerFaultSecure.exe” (Windows Fault Reporting) is a PE binary located at “%windir%\system32\WerFaultSecure.exe”. On 64-bit systems there…
5d ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “ntoskrnl.exe” (NT Kernel & System)
In general, “ntoskrnl.exe” is the kernel image of the Windows operating system. It includes both the executive and the kernel layers of…
6d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “TrayButtonClicked”
The “TrayButtonClicked” is a registry subkey of “FeatureUsage”…
Jul 30

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “ShowJumpView”
The “ShowJumpView” is a registry subkey of “FeatureUsage”…
Jul 29

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — “Jump List”
A “Jump List” is a list of system-provided menus which is shown when the user performs a right-click on an application in the…
Jul 28