Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
James Habben wrote a post about the “Secret Archives of Execution Evidence: CCM_RecentlyUsedApps”. He says that without digital forensic – medical examination of the artifact, it becomes increasingly difficult to build a chronology of events from all systems involved in incident response.
Microsoft developed software accounting SCCM, to report the use of applications for statistical analysis. SCCM has the ability to collect inventory data from many sources, as well as tracking executable files run is one.
CCM_RecentlyUsedApps records are a great artifact to be identified as executable files and deleted files, if any attacker. Like all forensic artifacts, analysis of these journal entries the software metering agent should only be one part of a complete and well-balanced strategy of the investigation.
James describes the New Python Tool and New tool EnSkript and shares his suspicions, and encourages “use the data deduplication into Excel, because I ran into a number of errors in EnCase trying to make this work EnScript.”
More.
Speak to a Specialist Now
Get Help Now