Analyzing Program Execution

From ForensicsWiki
Revision as of 02:12, 23 July 2014 by Joachim Metz



Please help to improve this article by expanding it.
Further information might be found on the discussion page.

This article is intended to give a high-level overview of analyzing program execution on the various operating systems. A typical operating system has both direct and indirect program execution indicators.

  • direct indicators; these are artifacts of subsystems related to "executing" a program on the operating system, e.g. a Prefetch file.
  • indirect indicators; these are artifacts that the program itself has left while running, e.g. an MRU Registry key.

This article focuses on the direct program execution indicators.
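As an added example (not part of the original article), the following Python parses the header of a Windows Prefetch file, the direct indicator named above, to recover which executable ran. The field offsets follow the SCCA format as documented for libscca; the sample header is constructed inline rather than taken from a real system, and `build_sample_header` is a helper written for this example.

```python
import struct

# Prefetch (SCCA) header layout as documented for libscca (assumed here):
#   0x00  uint32     format version (17 = XP/2003, 23 = Vista/7, 26 = 8.1, 30 = 10)
#   0x04  char[4]    signature "SCCA"
#   0x0C  uint32     file size
#   0x10  wchar[30]  executable name, UTF-16LE, NUL terminated
#   0x4C  uint32     prefetch hash (also in the file name, e.g. CALC.EXE-0FE8F3A9.pf)
# Windows 10 stores the whole file compressed; such files start with "MAM\x04".
VERSIONS = {17: "Windows XP/2003", 23: "Windows Vista/7", 26: "Windows 8.1", 30: "Windows 10"}


def parse_prefetch_header(data):
    """Return the execution-indicator fields from raw Prefetch file bytes, or raise."""
    if data[:3] == b"MAM":
        raise ValueError("MAM-compressed Prefetch (Windows 10+): decompress (LZXPRESS Huffman) first")
    if len(data) < 0x54 or data[4:8] != b"SCCA":
        raise ValueError("not a Prefetch file: missing SCCA signature")
    version, = struct.unpack_from("<I", data, 0x00)
    file_size, = struct.unpack_from("<I", data, 0x0C)
    # 60 bytes of UTF-16LE; the name ends at the first NUL character
    name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    prefetch_hash, = struct.unpack_from("<I", data, 0x4C)
    return {
        "version": version,
        "os": VERSIONS.get(version, "unknown"),
        "file_size": file_size,
        "executable": name,
        "hash": "%08X" % prefetch_hash,
    }


def build_sample_header(version, name, prefetch_hash, file_size=0x2000):
    """Constructed sample header (not from a real system) so the parser runs offline."""
    hdr = bytearray(0x54)
    struct.pack_into("<I", hdr, 0x00, version)
    hdr[4:8] = b"SCCA"
    struct.pack_into("<I", hdr, 0x0C, file_size)
    encoded = name.encode("utf-16-le")
    hdr[0x10:0x10 + len(encoded)] = encoded
    struct.pack_into("<I", hdr, 0x4C, prefetch_hash)
    return bytes(hdr)


if __name__ == "__main__":
    sample = build_sample_header(23, "CALC.EXE", 0x0FE8F3A9)
    print(parse_prefetch_header(sample))
```

Run counts and last-run timestamps live in the version-specific file information block that follows this header, so a full parser dispatches on the version field before reading them.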

Linux

Mac OS X

Windows

See Also

Linux

Mac OS X

Windows

Other

Note that third-party tooling such as "Anti-Virus" or Host-based Intrusion Detection Systems (HIDS) can also be used to track program execution. The artifacts recorded will vary per product.

External Links

Windows