Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “WerFaultSecure.exe” (Windows Fault Reporting)
“WerFaultSecure.exe” (Windows Fault Reporting) is a PE binary located at “%windir%\system32\WerFaultSecure.exe”. On 64-bit systems there…
Just now

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “ntoskrnl.exe” (NT Kernel & System)
In general, “ntoskrnl.exe” is the kernel image of the Windows operating system. It includes both the executive and the kernel layers of…
22h ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “TrayButtonClicked”
The “TrayButtonClicked” is a registry subkey of “FeatureUsage”…
1d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “ShowJumpView”
The “ShowJumpView” is a registry subkey of “FeatureUsage”…
3d ago

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — “Jump List”
A “Jump List” is a list of system-provided menus which is shown when the user performs a right-click on an application in the…
3d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “AppSwitched”
The “AppSwitched” is a registry subkey of “AppSwitched”…
4d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “AppLaunch”
The “AppLaunch” is a registry subkey of “FeatureUsage”…
5d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “RecentApps”
RecentApps is a feature relevant since Windows 10 which logs execution of GUI programs. It is saved per local/domain user in the following…
5d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “FeatureUsage”
In general, “FeatureUsage” is a registry key which is stored as part of the user’s profile. This means that the information is stored for…
6d ago