B51

Uploaded by

nobuyuki

0% found this document useful (0 votes)

50 views1 page

b51

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

b51

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

50 views1 page

B51

Uploaded by

nobuyuki

b51

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

Book 5 Execution Evidence

Thursday, June 2, 2016

2:57 PM

Advanced Evidence of Execution

- Prefetchparser: volatility, comb memory address space for prefetch files not on disk.
Scan virtual memory for prefetch headers.
Strong validation reduce false positives.
Internal metadata.
- ShimCache: Application compatibility cache
AppCompatCache registry key for compatibility.
Track EXE last modification date, file path, file size.
Registry entries are created => notify system.
Most recent events are on top, new entries are written on shutdown
InsertFlag in AppCompatCache entry.
ShimCacheParser.py
Metadata in data structure, when shutdown, data str is serialized into registry
Find registry path, determine format, return data in CSV format or STDOUT.
Search ControlSet and return unique entries by default. ExecFlag true
Shimcache volatility: parse app com shim cache registry key.
RecentFileCache.bcf: Application Experience <-> App Com Cache.
Check DB for known problems using UA.
ProgramDataUpdater uses registry file during process creation.
Maintained by Program Data Updater scheduled service.
Collect MS customer experience improvement program.
Reference to program copied/downloaded/executed on sustem.
Information is cleared when ProgramDataUpdater runs. (12:30AM).
Rfc.pl to extract data
Amcache.hve: replacement of RecentFileCache.bcf
Numeric keys = different exe file run.
Volume GUID and SYSTEM hive's MountedDevice key
- Cafae.exe automate registry extraction
Ntusr.dat hive and usrclass.dat hive for Vista.

Steinberg Page 1

Oracle DBA Checklist
Document17 pages
Oracle DBA Checklist
Dileep Eluri
No ratings yet
Day To Day Activities
Document7 pages
Day To Day Activities
Patti Prashanth
No ratings yet
STBC
Document4 pages
STBC
sravan.appsdba
No ratings yet
Oracle DBA Checklist
Document3 pages
Oracle DBA Checklist
mvineeta
No ratings yet
How Do You Store Data With A Script in A File With WinCC (TIA Portal) PC Runtime
Document3 pages
How Do You Store Data With A Script in A File With WinCC (TIA Portal) PC Runtime
Ravi
100% (1)
Cutover Plan
Document8 pages
Cutover Plan
Soorav Mlic
No ratings yet
Unit 5 Architecture and Scenarios
Document6 pages
Unit 5 Architecture and Scenarios
bkumar1979
No ratings yet
Alter Database Backup Controlfile To Trace - PM-DB PDF
Document3 pages
Alter Database Backup Controlfile To Trace - PM-DB PDF
Chander Shekhar
No ratings yet
Network Administration Exam Cheat Sheet.
Document3 pages
Network Administration Exam Cheat Sheet.
Exodius
100% (2)
SQL
Document9 pages
SQL
Meron Vingio
No ratings yet
Recovery and Indexing
Document60 pages
Recovery and Indexing
Mrinaal Malhotra
No ratings yet
How To Set Up PostgreSQL For High Availability and Replication With Hot Standby
Document11 pages
How To Set Up PostgreSQL For High Availability and Replication With Hot Standby
goosie66
No ratings yet
Backing Up and Restoring Progeny Databases
Document19 pages
Backing Up and Restoring Progeny Databases
victordrazon
No ratings yet
Oracle DBA Checklist
Document15 pages
Oracle DBA Checklist
magicmangesh
No ratings yet
Oracle DBA Checklist
Document7 pages
Oracle DBA Checklist
rrpawar2003
No ratings yet
Implementation of Simple Stack Allocation Scheme
Document4 pages
Implementation of Simple Stack Allocation Scheme
Samyak Varshney
100% (1)
Process Multiple Flat Files Concurrently Using Concurrent Execution
Document5 pages
Process Multiple Flat Files Concurrently Using Concurrent Execution
Akash Kumar
No ratings yet
SAP HANA In-Memory Technology Delivers Breakthrough Performance for Reporting
Document4 pages
SAP HANA In-Memory Technology Delivers Breakthrough Performance for Reporting
Adi Chilukuri
No ratings yet
Slide 3 Record Layout Diagrams
Document19 pages
Slide 3 Record Layout Diagrams
cnajjemba
No ratings yet
Creating Backups: Following The Backup Process
Document3 pages
Creating Backups: Following The Backup Process
Vik Palapa
No ratings yet
Optimizing The Server Environment For TechSolutions Inc
Document7 pages
Optimizing The Server Environment For TechSolutions Inc
Shreya Ashoka
No ratings yet
Chapter 16 Random Access Files
Document35 pages
Chapter 16 Random Access Files
chakri278
No ratings yet
Welcome To The World of "Cache"
Document37 pages
Welcome To The World of "Cache"
Priya Jain
No ratings yet
Paper Review 1 - Google File System
Document2 pages
Paper Review 1 - Google File System
vicky.vetal
No ratings yet
Kafka
Document3 pages
Kafka
gogula sivannarayana
No ratings yet
Integrating Observeit With HP Arcsight Cef
Document12 pages
Integrating Observeit With HP Arcsight Cef
gabytgv
No ratings yet
DBAPostgre SQL
Document32 pages
DBAPostgre SQL
Stefano Araujo
No ratings yet
AMP Update Server Configuration Steps: All Platforms
Document4 pages
AMP Update Server Configuration Steps: All Platforms
DhikaTriJaya
No ratings yet
Performance Bottlenecks
Document21 pages
Performance Bottlenecks
Sulbha Joshi
No ratings yet
Websense Backup Utility
Document3 pages
Websense Backup Utility
Fabrizio Rosina
No ratings yet
DB 1
Document338 pages
DB 1
Kartheek Bobba
No ratings yet
Cpphtp5 17 IM
Document34 pages
Cpphtp5 17 IM
Claudio De Conti
No ratings yet
Address: Number Given To A Memory Location For Identification
Document8 pages
Address: Number Given To A Memory Location For Identification
Ramesh Rayala
No ratings yet
Archiving Step by Step
Document22 pages
Archiving Step by Step
Mohammad Arif
100% (1)
Schedule PowerCenter Repository Backups Using pmrep and System Variables
Document2 pages
Schedule PowerCenter Repository Backups Using pmrep and System Variables
smereddy
No ratings yet
Installation and Debugging Notes For CPE Document Rendering
Document2 pages
Installation and Debugging Notes For CPE Document Rendering
Wresni Catur S
No ratings yet
Oracle DBA Checklist
Document15 pages
Oracle DBA Checklist
Arun Ye
33% (3)
Script-Controlled Backups SAP HANA Database
Document16 pages
Script-Controlled Backups SAP HANA Database
menuselect
0% (1)
Custom database synchronization using SQL Server backups
Document2 pages
Custom database synchronization using SQL Server backups
Kiran Patil
No ratings yet
Windows Performance Analysis Field Guide
From Everand
Windows Performance Analysis Field Guide
Clint Huffman
Rating: 4 out of 5 stars
4/5 (2)
Oracle DBA Checklist for Daily, Nightly and Weekly Tasks
Document7 pages
Oracle DBA Checklist for Daily, Nightly and Weekly Tasks
Jon Goodson
No ratings yet
PostgreSQLInstallation RunBook
Document33 pages
PostgreSQLInstallation RunBook
Raj
100% (1)
Limit Total Archive Days GridProtectionAlliance - Openhistorian Wiki GitHub
Document2 pages
Limit Total Archive Days GridProtectionAlliance - Openhistorian Wiki GitHub
aaaa
No ratings yet
PRM Backup Restore
Document10 pages
PRM Backup Restore
atif
No ratings yet
Back up Avaya media server data
Document5 pages
Back up Avaya media server data
Sanjay Pawar
No ratings yet
How To Determine The Appropriate Page File Size For 64
Document6 pages
How To Determine The Appropriate Page File Size For 64
amsavp
No ratings yet
New Text Document
Document436 pages
New Text Document
José Flores T.
No ratings yet
DataDiag Tool Installation & User Guide v1.1
Document14 pages
DataDiag Tool Installation & User Guide v1.1
Việt Nguyễn
No ratings yet
Described in Task 3. Which Upgrades And/or Options Would Improve These Aspects of This Computer?
Document6 pages
Described in Task 3. Which Upgrades And/or Options Would Improve These Aspects of This Computer?
Regil Tryadi Adhiwidjaya
100% (1)
Performance Tunning Steps
Document11 pages
Performance Tunning Steps
Vinu3012
No ratings yet
How To Copy Production Database To Test System
Document2 pages
How To Copy Production Database To Test System
dhanireddymadhu
No ratings yet
How To Add or Extend Datafiles in Sap System Based On Oracle Database ?
Document22 pages
How To Add or Extend Datafiles in Sap System Based On Oracle Database ?
Abdul27
No ratings yet
Sgoutput
Document162 pages
Sgoutput
Hemant Bhardwaj
No ratings yet
Ch3 Memory Management
Document16 pages
Ch3 Memory Management
awmiranda
No ratings yet
PostgreSQL 9.0 High Performance
From Everand
PostgreSQL 9.0 High Performance
Gregory Smith
Rating: 4 out of 5 stars
4/5 (1)
Red Hat Enterprise Linux Troubleshooting Guide
From Everand
Red Hat Enterprise Linux Troubleshooting Guide
Cane Benjamin
Rating: 4 out of 5 stars
4/5 (1)
Inspiring Powershell Articles
From Everand
Inspiring Powershell Articles
Murat Yildirimoglu
No ratings yet
Troubleshooting Ubuntu Server
From Everand
Troubleshooting Ubuntu Server
Bhargav Skanda
No ratings yet
Building Websites with OpenCms
From Everand
Building Websites with OpenCms
Matt Butcher
No ratings yet
SAS Programming Guidelines Interview Questions You'll Most Likely Be Asked
From Everand
SAS Programming Guidelines Interview Questions You'll Most Likely Be Asked
Vibrant Publishers
No ratings yet
Halwani - Virtue Ethics, Casual Sex, and Objectification
Document7 pages
Halwani - Virtue Ethics, Casual Sex, and Objectification
nobuyuki
100% (1)
Educati On-Responsi Ve HTML 5 Busi Ness Templ Ate: Thanks F or Downl Oad
Document1 page
Educati On-Responsi Ve HTML 5 Busi Ness Templ Ate: Thanks F or Downl Oad
nobuyuki
No ratings yet
Practice Exam1
Document25 pages
Practice Exam1
nobuyuki
No ratings yet
What's Really Wrong With Adultery - Michael J Wren
Document5 pages
What's Really Wrong With Adultery - Michael J Wren
nobuyuki
No ratings yet
Financial Management Support
Document20 pages
Financial Management Support
kumarritesh84
No ratings yet
Kant - Duties Toward The Body
Document4 pages
Kant - Duties Toward The Body
nobuyuki
No ratings yet
Jouko Vaananen - A Short Course On Finite Model Theory
Document44 pages
Jouko Vaananen - A Short Course On Finite Model Theory
Nine000
No ratings yet
1 s2.0 S0021869399976408 Main
Document58 pages
1 s2.0 S0021869399976408 Main
nobuyuki
No ratings yet
Lecture 3a
Document18 pages
Lecture 3a
nobuyuki
No ratings yet
Logic
Document128 pages
Logic
Buranija
No ratings yet
Terms
Document2 pages
Terms
nobuyuki
No ratings yet
TB CH 4
Document34 pages
TB CH 4
nobuyuki
100% (1)
Osuntokun 2015
Document3 pages
Osuntokun 2015
nobuyuki
No ratings yet
FRL486 HW2
Document2 pages
FRL486 HW2
nobuyuki
No ratings yet
Annals Anecdote
Document2 pages
Annals Anecdote
nobuyuki
No ratings yet
Rnoti p148
Document4 pages
Rnoti p148
nobuyuki
No ratings yet
Readme
Document1 page
Readme
nobuyuki
No ratings yet
Tangled Tapes: Infinity, Interaction and Turing Machines: Paul Cockshott (1), Greg Michaelson
Document10 pages
Tangled Tapes: Infinity, Interaction and Turing Machines: Paul Cockshott (1), Greg Michaelson
nobuyuki
No ratings yet
Engineering Risk Benefit Analysis
Document18 pages
Engineering Risk Benefit Analysis
nobuyuki
No ratings yet
Problem Set 2 International Finance Solutions
Document9 pages
Problem Set 2 International Finance Solutions
Sourav Nandy
No ratings yet
Muse Log
Document1 page
Muse Log
nobuyuki
No ratings yet
OFFSEC Lab Connectivity
Document7 pages
OFFSEC Lab Connectivity
nobuyuki
No ratings yet
Hw1 Bus424 Sol
Document17 pages
Hw1 Bus424 Sol
nobuyuki
No ratings yet
David Weinstein: Advanced x86: Virtualization With VT-X
Document69 pages
David Weinstein: Advanced x86: Virtualization With VT-X
nobuyuki
No ratings yet
117 303
Document34 pages
117 303
nobuyuki
No ratings yet
Offensive Security: Penetration Test Report For Internal Lab and Exam
Document12 pages
Offensive Security: Penetration Test Report For Internal Lab and Exam
nobuyuki
100% (1)
Giddy/ABS Mortgage-Backed Securities/1
Document20 pages
Giddy/ABS Mortgage-Backed Securities/1
Kaveri Biswas Kukreja
No ratings yet
Linux+ Series (Intermediate & Advanced)
Document1 page
Linux+ Series (Intermediate & Advanced)
nobuyuki
No ratings yet
HW1 FRL383
Document2 pages
HW1 FRL383
nobuyuki
No ratings yet