The consultant on IT and computer forensics Costas Katsavunidis described in the article the alternative to the pre-selection -> Bam.
Bam is a Windows service that Controls activity of background applications. The BAM entries are updated when Windows boots.
This service allows you to determine the forensic time of running background applications. Costas describes the work of this service.
We hope this information will be useful to you.
More.
