During its normal operating, Windows Search runs in the background, creating a full-text index of the files on the computer. ![]() Windows Search is a desktop indexer that has been integrated and enabled by default in Windows operating systems since Vista. OSForensics is able to scan the Windows Search index for recent file activity. OSForensics is capable of scanning for jumps lists, a feature introduced in Windows 7 which allows users to view recently opened files by programs that are pinned to the taskbar. Microsoft Office user interaction events (OAlerts).Application Log Events such as application installation attempts.System Log Events such as Windows update attempts, system boot/shutdown, and driver installations.Security Log Events such as account login attempts, logouts and password changes.OSForensics will scan the Windows logs for system activity such as the following events: OSF is able to list the WIFI access points that the machine has connected to in the past, including the date and time they were accessed. ![]() The types of devices which can be detected include USB Flash Drives (UFDs), Portable Hard Disk Drives and external USB-connected devices such as DVD-ROM drives. OSForensics can display the details of USB devices which have been recently connected to the computer, providing information about the last connection date and device information such as Manufacturer Name, Product ID and Serial Number. ![]() The data which can be tracked by OSForensics includes (but isn't limited to) files accessed in Microsoft Office applications, Microsoft Wordpad, Microsoft Paint, Microsoft Media Player, Windows Search, Connected Network Drives and the Windows Run command. OSForensics can retrieve data about recently accessed applications, documents, media and network shares by scanning locations in the registry which store a user's Most Recently Used (MRU) lists.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |