Shlomi Boutnaru, Ph.D.
The Linux Concept Journey — “Session”
In general, a “Session” is a collection of “Process Groups”…
12h ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “WerFaultSecure.exe” (Windows Fault Reporting)
“WerFaultSecure.exe” (Windows Fault Reporting) is a PE binary located at “%windir%\system32\WerFaultSecure.exe”. On 64-bit systems there…
1d ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “ntoskrnl.exe” (NT Kernel & System)
In general, “ntoskrnl.exe” is the kernel image of the Windows operating system. It includes both the executive and the kernel layers of…
2d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “TrayButtonClicked”
The “TrayButtonClicked” is a registry subkey of “FeatureUsage”…
3d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “ShowJumpView”
The “ShowJumpView” is a registry subkey of “FeatureUsage”…
4d ago

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — “Jump List”
A “Jump List” is a list of system-provided menus which is shown when the user performs a right-click on an application in the…
5d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “AppSwitched”
The “AppSwitched” is a registry subkey of “AppSwitched”…
6d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “AppLaunch”
The “AppLaunch” is a registry subkey of “FeatureUsage”…
6d ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “RecentApps”
RecentApps is a feature relevant since Windows 10 which logs execution of GUI programs. It is saved per local/domain user in the following…
Jul 26