Difference between revisions of "Analyzing Program Execution"

From ForensicsWiki
(Windows)
(Windows)
Line 22: Line 22:
  
 
=== Windows ===
 
=== Windows ===
* [[Prefetch]]
 
 
* Program crashes
 
* Program crashes
* [[SuperFetch]]
 
** Minidumps
 
 
** Windows Error Reporting (WER)
 
** Windows Error Reporting (WER)
 +
** Minidumps
 +
* Services and drivers
 +
* UserAssist Registry key
 
* [[Windows Application Compatibility]]
 
* [[Windows Application Compatibility]]
 +
** RecentFileCache.bcf
 +
** Amcache.hve
 +
** AppCompatCache Registry key
 
* [[Windows Memory Analysis]]
 
* [[Windows Memory Analysis]]
* Windows Registry
+
* Windows PC Accelerators
** [[Windows Registry#Run/RunOnce|Run/RunOnce keys]]
+
* [[Prefetch]]
 +
* [[ReadyBoot]]
 +
* [[ReadyBoost]]
 +
* [[ReadyDrive]]
 +
* [[SuperFetch]]
 +
* [[Windows Registry#Run/RunOnce|Run/RunOnce Registry keys]] (and equivalents)
 +
* Windows Task Scheduler
 +
** [[Windows Job File Format|Job files]]
 +
** TaskCache Registry key
  
 
== External Links ==
 
== External Links ==
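
Review bot: the entries added directly after "* Windows PC Accelerators" ([[Prefetch]], [[ReadyBoot]], [[ReadyBoost]], [[ReadyDrive]], [[SuperFetch]]) use a single "*", so they render as siblings of that item rather than as its sub-items. If the grouping is intended, they should use "**", as the "Job files" and "TaskCache Registry key" entries under "* Windows Task Scheduler" do. Separately, the new plain-text entries (Services and drivers, UserAssist Registry key, RecentFileCache.bcf, Amcache.hve, AppCompatCache Registry key, TaskCache Registry key) have no wiki link or description, unlike the linked items around them. A link, or a short phrase on what execution evidence each one holds, would make the list usable as an overview.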

Revision as of 23:56, 8 July 2014

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

This article is intended to give a high-level overview of analyzing program execution on the various operating systems.

Linux

Mac OS X

Windows

See Also

Linux

Mac OS X

Windows

External Links

Windows