This folder contains a set of data points related to the connectivity information that can help in identifying connectivity to suspicious URLs, attacker's command and control (C

- ActiveNetConnections.txt: Displays protocol statistics and current TCP/IP network connections. Provides the ability to look for suspicious connectivity made by a process.
- Arp.txt: Displays the current address resolution protocol (ARP) cache tables for all interfaces. ARP cache can reveal other hosts on a network that have been compromised or suspicious systems on the network that might have been used to run an internal attack.
- DnsCache.txt: Displays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. This can help in identifying suspicious connections.
- IpConfig.txt: Displays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
- FirewallExecutionLog.txt and pfirewall.log.

Windows Prefetch files are designed to speed up the application startup process. They can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list.

- Prefetch folder: Contains a copy of the prefetch files from %SystemRoot%\Prefetch. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.
- PrefetchFilesList.txt: Contains the list of all the copied files that can be used to track if there were any copy failures to the prefetch folder.

Contains a .CSV file listing the running processes and provides the ability to identify current processes running on the device.
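As an added example (not part of the original page), here is one way to triage ActiveNetConnections.txt for "suspicious connectivity made by a process": group established TCP connections to non-internal addresses by owning PID. It assumes the file holds `netstat -ano` style output; the sample text, the function names and the `INTERNAL` range list are constructed for illustration and should be adapted to your own network.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `netstat -ano` layout (assumed format of ActiveNetConnections.txt).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    10.0.0.5:49712         10.0.0.20:445          ESTABLISHED     4
  TCP    10.0.0.5:49801         203.0.113.7:443        ESTABLISHED     6120
  TCP    10.0.0.5:49802         203.0.113.7:8443       ESTABLISHED     6120
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     1504
  TCP    [fe80::1c2%12]:49900   [2001:db8::50]:443     ESTABLISHED     7044
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Assumption: ranges treated as internal; extend with your own address space.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Proto, local endpoint, foreign endpoint, optional state (absent for UDP), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_\d]+)\s+)?(\d+)\s*$")

def is_internal(ip):
    """True when the address falls in one of the INTERNAL networks."""
    return any(ip.version == net.version and ip in net for net in INTERNAL)

def remote_ip(endpoint):
    """Parse 'host:port' or '[v6%zone]:port'; None for wildcards such as '*:*'."""
    host = endpoint.rpartition(":")[0].strip("[]").split("%")[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def external_connections(text):
    """Map PID -> sorted foreign endpoints of ESTABLISHED TCP rows leaving INTERNAL."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) != "TCP" or m.group(4) != "ESTABLISHED":
            continue
        ip = remote_ip(m.group(3))
        if ip is not None and not is_internal(ip):
            hits[int(m.group(5))].add(m.group(3))
    return {pid: sorted(remotes) for pid, remotes in hits.items()}
```

The PIDs returned can then be looked up in the package's process listing to see which executable owns each external connection.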