Difference between revisions of "Analyzing Program Execution"

From ForensicsWiki
(Windows)
(Windows)
Line 22: Line 22:
  
 
=== Windows ===
 
=== Windows ===
* [[Prefetch]]
 
 
* Program crashes
 
* Program crashes
* [[SuperFetch]]
 
** Minidumps
 
 
** Windows Error Reporting (WER)
 
** Windows Error Reporting (WER)
 +
** Minidumps
 +
* Services and drivers
 +
* UserAssist Registry key
 
* [[Windows Application Compatibility]]
 
* [[Windows Application Compatibility]]
 +
** RecentFileCache.bcf
 +
** Amcache.hve
 +
** AppCompatCache Registry key
 
* [[Windows Memory Analysis]]
 
* [[Windows Memory Analysis]]
* Windows Registry
+
* Windows PC Accelerators
** [[Windows Registry#Run/RunOnce|Run/RunOnce keys]]
+
* [[Prefetch]]
 +
* [[ReadyBoot]]
 +
* [[ReadyBoost]]
 +
* [[ReadyDrive]]
 +
* [[SuperFetch]]
 +
* [[Windows Registry#Run/RunOnce|Run/RunOnce Registry keys]] (and equivalents)
 +
* Windows Task Scheduler
 +
** [[Windows Job File Format|Job files]]
 +
** TaskCache Registry key
  
 
== External Links ==
 
== External Links ==
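
Review bot: under the added `* Windows PC Accelerators` line, the Prefetch, ReadyBoot, ReadyBoost, ReadyDrive and SuperFetch entries are added with a single `*`, so they render as siblings of that item rather than as its members. The other groups in this hunk (Program crashes, Windows Application Compatibility, Windows Task Scheduler) mark their members with `**`. Suggest `** [[Prefetch]]` through `** [[SuperFetch]]` for consistency, unless the flat layout is intended. The added "(and equivalents)" on the Run/RunOnce line is also open-ended; naming the equivalent autostart locations, or linking to a page that lists them, would make the entry usable as a checklist.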

Revision as of 04:56, 9 July 2014

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

This article is intended to give a high-level overview of analyzing program execution on the various operating systems.

Linux

Mac OS X

Windows

See Also

Linux

Mac OS X

Windows

External Links

Windows