
Analyzing Program Execution

From Forensics Wiki


This article is intended to give a high-level overview of analyzing program execution on the various operating systems. A typical operating system has both direct and indirect indicators of program execution.

  • direct indicators: artifacts left by operating-system subsystems that take part in "executing" a program, e.g. a Prefetch file.
  • indirect indicators: artifacts that the program itself leaves behind while running, e.g. an MRU Registry key.

This article focuses on the direct program execution indicators.
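As an added example, not part of the original article, the following Python script parses the header of a Windows Prefetch file, the direct indicator named above, and pulls out the fields an examiner actually uses as execution evidence: the executable name, the prefetch hash, the run count and the last-run timestamp(s). The field offsets for format versions 17 (XP/2003), 23 (Vista/7) and 26 (8.1) follow the publicly documented layout; treating version 30 (Windows 10/11) like version 26 is an assumption of this example, and version 30 files are also stored MAM-compressed, so they must be decompressed before being fed to this parser. The sample file built by `build_sample_prefetch()` is constructed, not a real capture.

```python
"""Minimal Windows Prefetch (.pf) header parser (added example).

Extracts executable name, prefetch hash, run count and last-run time(s),
i.e. the fields that make a Prefetch file a direct indicator of execution.
"""
import struct
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 84          # fixed file header; the file information block follows it
SIGNATURE = b"SCCA"

# Offsets inside the file information block (relative to HEADER_SIZE).
# Versions 17 and 23 hold one last-run FILETIME, version 26 holds eight.
# Version 30 is treated like 26 here, which is an assumption of this example;
# version 30 files are also MAM-compressed on disk and are not decompressed here.
LAYOUT = {
    17: {"last_run": 36, "timestamps": 1, "run_count": 60, "size": 68},
    23: {"last_run": 44, "timestamps": 1, "run_count": 68, "size": 156},
    26: {"last_run": 44, "timestamps": 8, "run_count": 124, "size": 224},
    30: {"last_run": 44, "timestamps": 8, "run_count": 124, "size": 224},
}

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 means the slot is unused."""
    if ft == 0:
        return None
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, done in integers to avoid float rounding."""
    delta = dt - EPOCH_1601
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_prefetch(data):
    """Parse the header of an uncompressed Prefetch file given as bytes."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file too short for a Prefetch header")
    version, signature, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if signature != SIGNATURE:
        raise ValueError("bad signature %r (expected SCCA)" % signature)
    layout = LAYOUT.get(version)
    if layout is None:
        raise ValueError("unsupported Prefetch version %d" % version)
    if len(data) < HEADER_SIZE + layout["size"]:
        raise ValueError("file truncated inside the file information block")

    # 60-byte, NUL-terminated UTF-16LE executable name at offset 16
    name = data[16:76].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    (prefetch_hash,) = struct.unpack_from("<I", data, 76)

    info = HEADER_SIZE
    raw_times = struct.unpack_from("<%dQ" % layout["timestamps"], data,
                                   info + layout["last_run"])
    (run_count,) = struct.unpack_from("<I", data, info + layout["run_count"])

    return {
        "version": version,
        "file_size": file_size,
        "executable": name,
        "prefetch_hash": prefetch_hash,
        "run_count": run_count,
        # most recent first; None entries are unused slots (version 26/30 only)
        "last_run_times": [filetime_to_datetime(t) for t in raw_times],
    }


def build_sample_prefetch():
    """Constructed version-23 (Windows 7) Prefetch header for testing; not a real capture."""
    layout = LAYOUT[23]
    buf = bytearray(HEADER_SIZE + layout["size"])
    struct.pack_into("<I4sII", buf, 0, 23, SIGNATURE, 0x11, len(buf))
    name = "CALC.EXE".encode("utf-16-le")
    buf[16:16 + len(name)] = name
    struct.pack_into("<I", buf, 76, 0x6C72FB7E)          # arbitrary hash value
    last_run = datetime_to_filetime(datetime(2020, 1, 2, 3, 4, 5, tzinfo=timezone.utc))
    struct.pack_into("<Q", buf, HEADER_SIZE + layout["last_run"], last_run)
    struct.pack_into("<I", buf, HEADER_SIZE + layout["run_count"], 7)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    # Pass a path to an uncompressed .pf file, or run without arguments for the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_prefetch()
    for key, value in parse_prefetch(data).items():
        print("%-15s %s" % (key, value))
```

The parsed executable name should agree with the `NAME-HASH.pf` file name on disk; a mismatch, a run count of zero, or a last-run time earlier than the file's own creation time are the sort of inconsistencies worth noting before relying on the file as evidence.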

Linux

Mac OS X

Windows

See Also

Linux

Mac OS X

Windows

Other

Note that third-party tooling such as Anti-Virus or Host-based Intrusion Detection Systems (HIDS) may also record program executions; what is logged, and where, varies per product.

External Links

Windows