Shlomi Boutnaru, Ph.D.
The Linux Concept Journey — Regular File
As we know, the philosophy of Linux is that “Everything is a file”. However, not all files are created equal. As you know there are seven…
1d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — Windows Recall’s Artifacts
In general, we can use “Windows Recall” to retrace things that they have done on a specific Windows system. Those points in time are shown…
2d ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “WerFault.exe” (Windows Problem Reporting)
“WerFault.exe” is a PE binary located at “%windir%\system32\WerFault.exe”. On 64-bit systems there is also a 32-bit version of the binary…
5d ago

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — “Windows Search”
“Windows Search” is an operating system service (https://medium.com/@boutnaru/windows-services-part-2-7e2bdab5bce4) — as shown in the…
6d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — MUICache (Multilingual User Interface Cache)
MUI (Multilingual User Interface Cache) is a technology that is used for enabling multilingual user experiences without the need of…
Jul 11

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “wermgr.exe” (Windows Problem Reporting)
“wermgr.exe” is a PE binary located at “%windir%\system32\wermgr.exe”. On 64-bit systems there is also a 32-bit version of the binary…
Jul 10

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — Multilingual User Interface (MUI)
Multilingual User Interface (MUI) is a technology that is used for enabling multilingual user experiences. It is needed to help Microsoft…
Jul 9

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — Windows Recall
The purpose of “Windows Recall” is to allow users to retrace things that they have done on a specific Windows system. By using recall the…
Jul 8

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “SuperFetch”
“SuperFetch” is an extension of the “Prefetch” feature (https://medium.com/@boutnaru/the-windows-forensics-journey-prefetch-59af4722ceb9)…
Jul 7

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey
The “UsrClass.dat” file is located at “C:\Users\%username%\AppData\Local\Microsoft\Windows” (which can also be accessed by…
Jul 7